Slashdot Mirror
Google Accused of Tracking School Kids After Promising Not To (cio.com)
itwbennett writes: In a complaint (PDF) filed Tuesday with the Federal Trade Commission, the Electronic Frontier Foundation (EFF) claims that "despite publicly promising not to, Google mines students' browsing data and other information, and uses it for the company's own purposes." The EFF says Google's practice of recording everything students do while they're logged into their Google accounts, regardless of the device or browser they're using, puts the company in breach of Section 5 of the Federal Communications Act.
Breach of protocol there, sorry, but I read TFA.
This part seems kinda disturbing:
some schools require students to use Chromebooks
Why in the hell are schools requiring students to use Chromebooks? We're making people do business and give their personal deals to advertisers now? What's next, requiring Facebook?
This also does something much more subtle but very harmful to our society: it gets kids used to the world where nothing they "own" is really theirs, where everything they do is subject to the whims of someone else. Control over their computing devices is held by a multinational, whether Google or Apple or whoever. Instead, we should be getting kids used to freedom, both the power and the responsibility that comes with it.
Google acting like politicians, promising one thing and doing the opposite.
You should also take a damn close look at Android 6 privacy features. The new feature that lets users turn off rights to GPS, camera etc. for apps after installation.
On the face of it it sounds good, but the way they've done it is absolutely the opposite:
It lets an app install first, then demand priviledges as it goes along. It *tells* the app you are refusing it access to the camera or mic or address book, or location, or SMS's etc. So the app can slowly sucker you in Facebook style demanding more and more privileges to run as it has more and more leverage over you. You mid conversation a messaging app can demand access to your address book to let you finish the conversation, and Google's Android 6 will tell it if you refuse.
Google Player Services, aka Google's spyware* gets a free ride and its spyware can't be turned off. This service tracks location and even if you disable all Google services they continue to get the information. That is just the tip of the iceberg as to what that tracks.
Other similar features in other Android distributions, return empty data to the app, so it might demand access to the camera, but the camera data it gets is a noise image, and it might demand your address book, but it gets an empty address book instead if you refuse it access. So the app cannot know it has been refused access to the data and cannot leverage that to force you to give it access.
* Seriously take a good look at what that 'play' store is sending to Google, it helps itself to everything, and requests location even when the phone is on standby.
They are a privacy disaster and where the fook are the regulator?
once Pandora's box has been opened.
There's probably an algorithm for projected income from the mined data versus likely fines for breach of conduct.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
... to maximize profits.
Google signed a piece of paper saying they would not do these things, apparently legally binding piece of paper. That makes just about everything you've said irrelevant to the FA, since it isn't about whether the school can mine students data (they can).
Actually, according to TFA, Google signed the Student Privacy Pledge.
Google has publicly stated they'll comply with this.
Students do have some expectation of privacy as it relates to Google. Because Google has agreed to give it.
Lost at C:>. Found at C.
is anyone shocked? really? Large deployments of any system cost a lot of money - if Goog didnt charge a lot upfront they were clearly going to get money back somehow - it isn't a charity they have over there in Mountain View.
If they are in violation, then fine, be pissed. But data collection does not imply use for unauthorized purposes. I collect phone and address data on my customers. I do not use it to stalk them.
Silence is a state of mime.
THE SCHOOL has the right and responsibility to monitor things - they dont have the right to force kids to give their data to a private for profit corporation.
Schools are required to safeguard non-public information about their students (medical records, grades, IEPs...etc). The EFF claim does not make it clear that Google has leaked non-public student information to any unauthorized people.
Students have no expectation of privacy when using school supplied computer systems (Reichert v. Elizabethtown College). Schools are allowed to access and use any staff or student generated data if that data was generated using school supplied computer systems.
EFF's cloud "sync" argument isn't too solid. Google's system of syncing data between devices is the entire point of Google Apps and their Chrome OS system. These systems are provided by the school district to the students and staff - just the same as local network supplied computer services - and the expectation of privacy is the same - there is none.
Providing the students have been notified of the purpose of the data collection surely?
Not sure about US legislation but a quick search reveals this:
The FTC's Behavioural Advertising Principles suggest website operators should obtain affirmative express consent (which can be provided online) before using sensitive consumer data. Sensitive data includes:
Financial data.
Data about children.
If google just changes their name to facebook then everyone will say it's fine and dandy. The problem here is just that people used to expect google not to do this kind of thing, while facebook started off explicitly designed to do this kind of thing.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Maybe it's time someone synced a lot of private information from Google's internal servers to some cloud service somewhere?
"Who's that hiding in my kid's closet with handcuffs and a gunnysack? Molester Joe! You silly-billy! When I hired you to babysit my kids, you promised you weren't going to try to kidnap them! You even signed a contract to that effect!
"Well, it's my fault, really--I knew you wouldn't be able to resist. All right, but this is your second strike. Five more strikes and I'll have to report it. Now get outta here, you scamp!"
Perhaps you should read the claim more closely. Google *agreed* not to spy on students (and yes I did use the word spy because that is what they're doing). This formed part of the basis for which Schools used their services. Since schools have a legal obligation to keep private student data private, this was essential to them.
Yet Google doesn't honor that agreement, and thus exposes the schools to legal consequence:
"Google’s practices fly in the face of commitments made when it signed the Student Privacy Pledge, a legally enforceable document whereby companies promise to refrain from collecting, using, or sharing students’ personal information except when needed for legitimate educational purposes or if parents provide permission."
"EFF’s filing with the FTC also reveals that the administrative settings Google provides to schools allow student personal information to be shared with third-party websites in violation of the Student Privacy Pledge. The ability to collect and potentially share student information follows children whenever they use Chrome to log into their Google accounts, whether on a parents’ Apple iPad, friend’s smartphone or home computer."
"EFF's cloud "sync" argument isn't too solid. Google's system of syncing data between devices is the entire point of Google Apps and their Chrome OS system"
No, its an OPTIONAL feature that is turned on by default for School Chromebooks. Sure this might be the point of Chrome from Google's perspective (gaining market advantage by having access to private data), but that does not make it the schools entire purpose!
apparently that means to their bottom line and shareholders(i.e. Sergey and the other class B holders)
Schools get free Google Apps and Mail, what did you think was going to happen? They get to mine the data in exchange for "free" services.
once upon a time on slashdot you'd get modded troll for even hinting that google might actually be capable of evil. good times.
He once inserted random mutations into his code, just so he could have the experience of debugging.
With ipads and chromebooks everywhere, why aren't kids getting any smarter?
this is the first actual proof of evilness in my mind. Others were dubious but this is a bright line they just crossed. Just changed my mail address over to apple, and my browser to duckduck.
Some drink at the fountain of knowledge. Others just gargle.
45 billion dollar fine for Mark Zuckerberg should be enough of a deterrent for this offence.
I say: how many times do people have to get burned by Google to realize they are not honest, they are not on your side, and they have no intention of respecting the law or individual's rights? Something like this warrants awareness, but we sleep on and dream. It's our own effing fault.
"Don't be evil... unless, you know, being evil is profitable, and you don't think anyone will notice, then go for it!"
I've abandoned my search for truth; now I'm just looking for some useful delusions.
and Chromebooks and iThings are in fashion and are tracking kids, obviously. Where I work (secondary ed), people mandate children create gmail accounts and whatnot with no thought whatsoever to what that means.
This is not surprising at all and I'm glad that I support the EFF.
... to our yearly revenues.
No, in all cases I've seen, the Chromebooks are owned by the school and issued out to the kids when needed in certain classes. The schools aren't demanding the kids buy Chromebooks themselves to use for classwork outside of school.
So say they do comply. They collect information, but don't use it to target advertising, etc. There are two kinds of information Google can collect, actual documents and emails stored on Google's servers, and general search and browsing history. The first is in the nature of those services - no way to not 'collect' it and still provide the service. I guess you could make a similar argument for search and browsing history too - tracking history makes search work better.
I suppose they could run normal Google in schools and just not present ads. That'd keep the services working, and would probably meet the above requirements. Or they could also present non-targeted advertising. I.e., present ads targeted at the broad demographic of school kids that doesn't rely on any kid-specific mined data. That'd probably be okay-ish. Maybe better if they blocked ads when accessing the service via a school IP address.
But what happens when they are at home? Or when they grow up and continue to use Google services? I'm guessing that all bets are off at that point. They get the same targeted advertising as any other Google user. Now, I'd argue that Google's advertising is not 'evil', since it funds the free services and no info is shared directly - or even viewed by humans. But some still have a problem with that. I guess a concerned kid - or his parents - could drop the Google services at that point. But, yeah, these free services for schools are meant to hook kids into an ecosystem. That's why Apple, and then Microsoft, offered free stuff to school kids in the past, and we didn't like it then. I suppose that if Google services let you export your saved info in standard formats that allow you to continue to access it without Google - and if they then let you wipe your info from their servers - that'd be pretty okay. The only problem would be if, say, Google Docs became so ubiquitous that there were no alternatives to import those documents to. Any chance of that...?
Posted from my Android phone. Oh, I can change this? There, that's better...
How can you tell when a bunch of liberal demoncraps like Google is lying? Their lips are moving.
That said - liberal demoncraps are mostly unaware of reality and so they will often attempt to lie but fail to do so, accidentally telling the truth.
The only way you can know with absolute certainty that what a liberal demoncraps is murmuring is definitively an untruth is if they claim to promise or swear what they are saying is true. The reason this works is because the liberal demoncrap is incapable of keeping a promise or honoring an oath.
Why won't they tell you the truth? Because they hate you and want you to die. Not the generic you - you specifically, and those you care about.
It is also possible to agree not to collect.
"Don't retain" agreements are easier to audit than "don't use for ____" agreemends.
"Don't collect" agreements are easier to audit than "don't retain."
"Don't collect" agreements on an open-source platform like ChromeOS are even easier to audit.
I would aim for a "don't collect" agreement where practical, such as web browsing history, and a "don't retain" agreement where it's not, like documents.
I'm expecting most students' main wish would be, "let me move docs and bookmarks from school-managed visible-to-'administrators' student account to GMail account when I graduate." For the ones who don't want to use GMail, it'd be good to have a "don't retain" agreement covering docs, which I think Google (nearly?) already has, with every user, not just schools.
It's a weird situation because, as a student, I trust Google a lot more than I trust the school. I felt the school had too much power over students and was so afraid of embarrassment they were not on the student's side. The same probably applies to the parents of about half the students. This discussion is helpful, but it's less important than what the students should really be doing, which is making a private GMail account and hiding it from their parents and school.
Google syncs student data to their servers, including web searches, because Chromebooks back up everything to the cloud. If you back up your Windows machine to the cloud, you back up your search history as well. Nothing in the EFF's press release suggests that they have shown that Google does anything more than this, let alone "mines" that data or "uses it for the company's own purposes".
Any data generated using school systems is property of the school or school district.
Student data does not belong to the student. No one is forcing kids to put "their data" (whatever that means) on anyone else's computer.
From Google's Apps for Education Common Questions page:
https://support.google.com/a/a...
Will there be advertisements with Google Apps?
For all EDU domains, ads are turned off in Google Apps for Education services and K–12 Google Apps for Education users don't see ads when they use Google Search and are signed in to their Apps for Education accounts.
Fuck gmail and chrome. Sign up for protonmail. Phone aps are still in beta but the servers are encrypted regardless of how you use the acct.
It is ludicrous that in the present day, instead of educating people on the use of computers and networking, and therefore also including privacy implications, these fuckwits just want their jobs and their lives to be easier. Kids should be able to bring any capable device they like, which only connects to the schools secure servers. Using google services to a minimum is what needs to be taught here. Handing everything over to googles servers is yet one more reason our educational system is one big pile of shit designed to do nothing but line peoples pockets. Modern education is truly a monumental travesty of laziness and greed. Actually teaching something? Priceless and yet not even in the picture.
Students have no expectation of privacy when using school supplied computer systems (Reichert v. Elizabethtown College).
Students have no expectation of privacy *from the school*. They have every expectation of privacy from a random company not associated with the school system.
Say you buy a backyard pool for the kids. You allow the pool installer into your back yard while they're working. A month later, your 13 year old daughter is swimming in her bikini; as your dad, it's ok to take a picture. If the swimming pool installer snuck in and started taking pictures of her, would you be creeped out? In this case, Google is acting just like a pedophile - closely watching kids even when they said that they would not.
is thinking about the children.
Exactly. In our district, we have a BYOD program, but if kids bring their own Chromebook, it is THEIR Chromebook. It's merely subject to our filters when it's connected to our network.
Apparently leaving open the option to GIVE AWAY info or to TRADE it.
Geo-located advertising gets the go ahead.
No idea what Enforce strict limits on retention means. We keep it for AT LEAST 75 years...they didn't say WHICH limit :O
etc
they only give a fuck about their phones. It's rare to see a kid in the hall at my school who isn't completely absorbed by a glowing rectangle zombie walking down the hall as slow as possible with ear buds in.
How about if you had a private key used to encrypt the data before it was synced?
Not for long. Terrorism you know.
Google hates us and want us to die. You should never vote for Google. They're so evil. So evil.
A long time ago, in a galaxy far away, I had to deal with data volumes that were pretty much unheard of at the time. Google sold an appliance that (supposedly) made searching this data much easier. While it never worked quite as well as we'd hoped, it worked to some extent (it was not really able to be tuned to give good relevance scores for the data we used) and it wasn't entirely lost revenue.
At any rate... Why not sell an appliance or, better, software that enables the school to run their own private cloud with Google's services? Hmm... Someone should do this over there at Google's HQ. I don't really want a job but they should hire someone to actually think about these sorts of things. A district or even a whole State could have its own private cloud. They could even configure the devices to use them when they're not directly connected to the network and that'd be fairly trivial to accomplish.
Google would make money (maybe not as much as they'd like and they'd not get the data which sucks but they'd still profit) and compliance would be trivial to accomplish. 'Snot like it's rocket surgery or anything. Even I can think of ways to do this. They don't even need to give up their source, they can run it on a black box if they absolutely needed to (though I'm not sure who'd trust such a thing but that's what firewalls are for).
"So long and thanks for all the fish."