Technology Privacy in Schools

I found an interesting article (it was sent out to the GSE email list as well) in the NY Times related to what we talked about regarding privacy a few classes ago. Here is the link.

It talks about how some districts have experienced data breaches with software they have purchased from other vendors. Many technology tools are not secure, and some schools have had student records posted online publicly. Teachers and schools need to be aware of the technology they are using in order to avoid data breaches, identity theft, or unauthorized student profiling, especially at a time when school technologies and software are rising in number. A few things the article mentions that teachers or districts can do: test out the technology before using it with real student information, to see how secure it is and to check that it is not asking students for personal information; and districts can create lists of software that has been proven to be secure.

Let me know what you think! 🙂

2 thoughts on “Technology Privacy in Schools”

  1. I think that this article raises a very valid point. Student privacy is something that should be of utmost importance to school districts. This shows that school districts should be very deliberate in terms of the information they ask students and parents for (not asking for information they don’t need) and take necessary steps to protect this information from outside parties who should not have access to it.

  2. One way to secure these types of technology would be to not give them identifying information. Many of these sites need items like a password, an email address, and a username (something to call the student/teacher/etc). They then associate information with this username/email, allowing access to it via password (unless there is a breach).

    Usernames could be randomly chosen for students – they do not get to pick their names, but are, instead, informed of their username. The same can be done for emails – instead of submitting an email like bmehne@blahblah.edu, I could submit 108c5f2c8eb3f5c2fea145aa5c2e74b8@blahblah.edu which would redirect all emails being sent to it to my real email address. Passwords should, already, be randomly chosen.

    For an idea of how the usernames could work – you could take a look at Pottermore, which (in order to keep the usernames child friendly) generates usernames and lets the user pick among them (ravenclaw_wizard_1234 or hufflepuff_dragon_4321, etc).

    If a site has nothing stored that is identifying externally (e.g. if you cannot link the username to the student, but instead only know that it is linked to some student somewhere), then a breach is less of an issue – there are enough students in existence that guessing which one is which is hard.

    Using these random usernames, passwords, and email addresses can work with any site, but this technique does not solve the problem (just lessens the impact of a breach). For instance, if I know that Billy did poorly on test 1 (which he may have told me willingly) and there is a breach of test scores, I may be able to guess which random username correlates to him by seeing which ones did poorly on test 1. From the breach, I can then find out his other (unrevealed) test scores.

    I would strongly recommend handing out usernames to students that you chose (that are not identifying to anyone else) when having them sign up for accounts (if you can get email forwarding/proxying to work too, that would be great).

    Another related issue is culpability – most websites that have security breaches have few legal repercussions – few companies are sued over their breaches.

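An added example (not part of the post or its comments) of the approach in the second comment: a school issues random usernames and 32-hex-character email aliases, keeps the lookup table to itself, and checks which vendor-side records would still be singled out by one known value, as in the test 1 case. The word lists, function names, field names and the `k` threshold are assumptions made for illustration.

```python
import secrets
from collections import Counter

# Constructed word lists (assumption); a real roster tool would use larger, vetted lists.
ADJECTIVES = ["amber", "brisk", "calm", "dusty", "eager", "frosty"]
NOUNS = ["falcon", "maple", "otter", "comet", "lantern", "harbor"]


def new_pseudonym(taken):
    """Return a random, non-identifying username that is not already in `taken`."""
    while True:
        name = "{}_{}_{:04d}".format(
            secrets.choice(ADJECTIVES), secrets.choice(NOUNS), secrets.randbelow(10000)
        )
        if name not in taken:
            return name


def enroll(students, domain):
    """Build the school-held table: pseudonym -> real identity and email alias.

    Only the pseudonym and the alias go to the vendor. The table and the
    alias-to-real-address forwarding stay with the school.
    """
    table = {}
    for real_name, real_email in students:
        username = new_pseudonym(table)
        alias = "{}@{}".format(secrets.token_hex(16), domain)  # 32 hex characters
        table[username] = {"name": real_name, "forward_to": real_email, "alias": alias}
    return table


def anonymity_sets(vendor_records, field):
    """For one field of the vendor's data, count the pseudonyms sharing each value."""
    counts = Counter(rec[field] for rec in vendor_records.values())
    return {user: counts[rec[field]] for user, rec in vendor_records.items()}


def exposed(vendor_records, field, k=2):
    """Pseudonyms whose value for `field` is shared by fewer than k records.

    With k=2 these are records that anyone who already knows that one value
    for a student could pick out of a breach.
    """
    sets = anonymity_sets(vendor_records, field)
    return sorted(user for user, n in sets.items() if n < k)
```

Running `exposed` per field on what a vendor would actually hold shows where random usernames alone leave a record linkable; coarser values (score bands instead of exact scores) enlarge the groups.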
