An experiment by Massachusetts education officials to better manage student records and software teaching tools has privacy advocates concerned it could expose the private information of thousands of schoolchildren to hackers and identity thieves.
Massachusetts is among a handful of states participating in a pilot project with inBloom , an Atlanta nonprofit helping schools to beef up and simplify the wide variety of computer systems used to record student information, administer tests, analyze performance, train teachers, and gather other data. The company’s goal is to standardize the myriad ways that schools keep information on students and performance, and better integrate those records with the many different software programs and teaching tools used in the classroom.
As part of that, inBloom would standardize how schools keep data on students, from names, to test results, to race, and other facts, creating a uniform database of elementary and secondary school student information.
But privacy advocates fear the inBloom database will be a ripe target for hackers, and that a single break-in could result in the theft of personal information on millions of kids. Moreover, they worry that the trove of personal information would prove irresistible to private companies that use such data to market their products.
“We believe that there are enough issues with this, and enough reasons for concern, that Massachusetts should not participate,” said Josh Golin, associate director of the Campaign for a Commercial-Free Childhood, a Boston-based child advocacy group. The American Civil Liberties Union of Massachusetts and the Massachusetts PTA have also criticized the plan.
The growing unease with the inBloom experiment has already prompted two of the nine states in the pilot — Georgia and Louisiana — to temper their involvement by not allowing student information in the company’s database. And last month in New York City, parents at a town hall meeting denounced the program and demanded that the city’s Department of Education give students a right to opt out of it.
InBloom executives say their critics are overreacting, that the student data and other sensitive information will remain under control of individual school systems, and the company will not share it with others unless expressly authorized by the school district.
“The purpose of it isn’t to spread student data across the country,” said inBloom board member Robert Wise, a former governor of West Virginia. “The purpose is to take the data of an individual student and use it more effectively.”
So far in Massachusetts, the only school system in the pilot is Everett, and there the project is still too new for the privacy issues to have been tested. Thomas Stella, the assistant superintendent of Everett schools, said the system had yet to sign a contract with inBloom, and so has not given the company any of its student information.
“We have not shared any data,” Stella said. “You have to have a product we want first.”
InBloom is partially funded by the charitable foundation of Microsoft Corp. cofounder Bill Gates. The company is trying to create a standard data system for schools to store information that can also interact more smoothly with the various technology programs and other tools teachers use. The company also hopes the system will encourage companies to develop new programs to help teachers and students.
“The idea was to create an open-source environment that people could write applications for, and schools nationwide could use those applications,” said Stella.
InBloom would create a unified database of a school district’s information that would be stored at an Internet cloud service; that is, instead of keeping student files on local machines in each school district, all data would be stored remotely, on computers linked to the Internet. All data remain under the control of the individual school district, Wise said, and no company can use a student’s file without the district’s permission.
“There is no national database,” he said. “The district data stay as district data.”
Although Wise said a cloud service would probably have better computer security than an individual school system, critics fear the database of student records will be an irresistible target for identity thieves.
“There’s concern about data leakage and storing all this data in one place in the cloud,” said Golin.
Kade Crockford, director of the Technology for Liberty program at the ACLU of Massachusetts, is worried that inBloom’s database may also contain more sensitive information. For instance, it can track whether a student has ever been pregnant, committed a crime, or brought a weapon to school.
“The amount of incredibly private information that frankly many parents might not know about their kids — I find it alarming,” said Crockford.
Jeff Wulfson, deputy commissioner of the Massachusetts Department of Elementary & Secondary Education, said schools do not have to provide such information to the inBloom database.
“They just wanted to be prepared if somebody wants it,” Wulfson said. “It’s up to the district to decide whether to collect it.”
Massachusetts officials have been concerned about the issues surrounding inBloom and have repeatedly singled out the legal protections and obligations the company and schools are under to prevent leaks of student data.
Still, with only one community in Massachusetts signed on as a partner, state education officials are somewhat lukewarm about the endeavor with inBloom.
“We’re not sure this is going to pan out,” said Wulfson. “We’re just sort of along for the ride to see how this works.”