Archive for the ‘student data privacy’ Tag

Chicken Thieves and Data Thieves: What’s Up with CEP?   2 comments

chick-in-ladle

 

In The Adventures of Huckleberry Finn, Huck stole chickens.  Huck’s father had taught him how to stomach chicken theft.

That reminds me of the way the federal CEP (Commission on Evidence Based Policy) stomachs human data theft.  Huck said:

… Pap always said, take a chicken when you get a chance, because if you don’t want him yourself you can easy find somebody that does, and a good deed ain’t ever forgot. I never see pap when he didn’t want the chicken himself, but that is what he used to say, anyway.

Just as the Finn thieves lied to themselves, saying that they might do society a favor while they did themselves a favor, stealing chickens, so ed reformers and CEP data gatherers lie to themselves and to the public.  After all, the CEP doesn’t do its own thieving; why should it judge or disclose the immoral origins of the data?

CEP simply says that it wants to centrally house data (that’s previously been taken, without permission from citizens, by school State Longitudinal Database Systems and by other entities.)  CEP members wring their hands over the inconvenience they have endured, not fully being able to access all the pii.  So also say the elite researchers and Gates-linked business people testifying at CEP’s public hearings.

Maybe you didn’t know that citizens’ data is being taken without our permission.

Think: when did you receive a permission slip from the school district, or from the state, asking you to sign away all student academic and nonacademic data for the rest of your child’s life?  Never.

Yet SLDS systems do track a child for life.  That’s what “longitudinal” means: through time.  They call it P-20W.  That means preschool through grade 20 and Workforce. Life.

Well, now you know.  And we can’t opt out of the data theft system.  I tried.  The biggest, most vibrant source of citizen data is our public school system, and the government is unwilling to stop stealing from us in this way.

I do not use the word “stealing” lightly, nor am I exaggerating.  Personal data is literally being confiscated without informed consent or permission of any kind, via school databases linked with many state agencies.  Every digital record created by students, teachers, counselors, school nurses or administrators can be stored (and shared) from there.

Sometimes it is hijacked by unethical researchers entrusted with care of the pii.

chick-on-skate

No one seems to notice these articles about stolen pii.

And on it goes.  Data points are taken and taken and taken –about both academic and nonacademic lives. Schools feed aggregate data and pii into federally-created “State Longitudinal Database Systems” (SLDS). Because SLDS systems use common educational data standards (CEDS) that the federal-corporate partners created, that data is portable and re-shareable (or re-stealable).

Many people believe that federal FERPA privacy laws protect the data, but it doesn’t.  It used to.  The Department of Education shredded the protective parts of FERPA several years ago.  What’s actually protecting student privacy right now is the territorial unwillingness of agencies to share all data.

But the CEP is out to change that.

gold-bars

CEP will lead you to believe that it’s all about benefiting society.  But that’s a side show, because data is the new gold.   Everyone wants the data!

Sadly, individuals aren’t guarding this irreplaceable gold; most people aren’t aware that this pii is so valuable, that it’s being taken –and that it’s THEIRS.

Meanwhile, the elite at the CEP speak about data as if it’s oxygen, free for all, belonging to all.  It makes sense from their (bottom line) point of view; governments and ed vendors have financially benefited from SLDS’s taking students’ data since about 2009, when SLDS databases were installed in every state by federal grants, and when federal FERPA changes allowed almost anyone access, for supposed research purposes.

Luckily, there’s so much territorialism by the various holders of the taken data that it hasn’t yet been centrally housed all in one spot.  The federal EdFacts Data Exchange has some data. Each state’s SLDS has tons of data. Universities, hospitals, corporations, criminal justice agencies, and other organizations have other caches of pii.  But the elite (the federal government, globalists, corporate elite, and some scientists) are desperate to have one national “clearinghouse” so that they can see and use our data to their own designs.  They speak a smooth line in each of their CEP hearings.  But don’t forget:  that data is your life.  Yours.  Not theirs.

There was a recent three hour conversation that you most likely missed last week. Held in Chicago, this “public” hearing of the federal Commission on Evidence-Based Policymaking (CEP) discussed what should be done with the  pii (personally identifiable information) that federal agencies, state agencies, counties, school systems, hospitals, criminal justice systems, colleges and other organizations have collected.  They’ve been discussing this all year long.

I picture Pap with a crate of stolen chickens.  I picture his pirating friends with their own crates nearby.  I think there might even be a few crate-holders who ethically came by their chickens, but the federal Chicken Evidence Policy says that all chickens go in one central pen, on an ongoing basis, so all the elite can access the chickens conveniently–  conveniently for everyone except the chickens and their owners.

chicks-and-lab-coat

When you listen to their hearings, you find that the federal CEP is leaning toward creating a federal clearinghouse where every individual’s data can be centrally managed.  CEP is also hoping to overturn the federal ban on unit-record identifiers.

Welcome to the real live prequel to Orwell’s 1984.

Do I sound calm?  I’m not.  This makes me almost unspeakably angry.

While trusting parents, teachers, school administrators and students are being used as pawns in the great data-gathering heist, arrogant members of Congress, of science, of CEP, of big data, are assuming authority over MY life and yours in the form of our personally identifiable data.  And who is stopping them?

Despite a huge number of public comments that told the CEP that Americans want the CEP to get its hands off our data, the CEP moves ahead at a steady pace.  And why not?  We can never un-elect this appointed group that Congress created less than a year ago.  What motivation would CEP have to actually incorporate the public comments?

As the Missouri Education Watchdog pointed out in October, there was only one man in America who seemed to care about protecting citizen privacy at that month’s hearing.  Mr. Emmett McGroarty testified to the CEP that what they were doing was wrong.  Similarly, at last week’s January 5 CEP hearing, there was only one woman who spoke ethically about children’s data privacy rights.  She did a magnificent job.  Everyone else testified that data should be gathered in one place, or possibly in a few places; and none of the others mentioned permission or informed consent. I took pages and pages of notes, since the meeting was only public in the sense that I could listen in to it on my phone.

It wasn’t filmed.  It wasn’t truly public.  It’s aiming to fly under the radar because it’s theft.

chicks

Huck Finn’s father’s plan to later share the stolen chickens didn’t make the chickens less stolen.  Other people’s information doesn’t suddenly become your “scientific research” or your “evidence” for “evidence-based policymaking” just because Congress created a commission and appointed you to chat about it.

Shame on the CEP.  Shame on all who turn a blind eye to this evil, open assault on the basic freedom of personal privacy.

UT Lawsuit Puts Spotlight on 750,000 Stolen Records of Students and Families   2 comments

judith

Judith Pinborough-Zimmerman

A news bomb about the theft of student data exploded in Utah’s Deseret News last July, but nobody noticed, apparently.

The article’s headline — “Wrongful Termination Lawsuit Puts Spotlight on Utah Autism Rates” — focused primarily on things other than the data theft.  It highlighted former University of Utah research professor Judith Zimmerman’s allegations that university researchers were falsifying Utah’s autism rates.

But to me, the unheadlined bomb that the article dropped was the 750,000 students who had their data and their families’ data stolen by unauthorized “researchers”.  The families now have no way of knowing this happened.

Zimmerman was fired for raising concerns about protected student data that she said the researchers had “compromised and accessed without proper authority.”  She told the Deseret News that unauthorized individuals took  750,000 sensitive records with neither parental nor schools’ consent.  This private “medical and educational information”  included “names, birthdays, information about medical characteristics… special education classification and parents’ names and addresses,”  reported the Deseret News.

How would these families now be notified?  I wonder: with the whistleblower fired and with a years-long lawsuit and likely gag orders pending, the only people who now could potentially contact those families would be still employed at the university –who, being accused of the wrongdoing, certainly won’t go out of their way to inform the affected families right now.

I’m not going to discuss the ways in which the stolen records, and the children they represented, are vulnerable to potential crimes of credit card fraud, health insurance identity theft, crimes of predatory stalkers or the mandates of well-or-ill-intentioned governmental activists.

I’m here to ask –and answer– a very simple question that I hope readers are asking: how could this have happened?  How were three quarters of a million records of children just lying around under the noses of any unscrupulous university researchers?

It’s simple.  Utah has a STATE LONGITUDINAL DATABASE SYSTEM (SLDS) and it’s managed by the UECP at the University of Utah.

uecp

You, your children, and your grandchildren are in the SLDS whether you like it or not –unless you pay 100% of your own money in tuition for a 100% private school, and always have.  There is no other way to opt out.  I’ve tried.

Don’t get me started about how blindly stupid Utah is (all states now are) for having –and continuing to support– the SLDS.

We’re subject to this SLDS data surveillance system simply because in some USOE cubicle, some clueless grant writer responded to Obama’s mess of pottage and decided that the state of Utah might exchange students’ privacy for a $9.6 million dollar federal grant.

Utah traded all students’ data records, longitudinally (permanently) into this data-slurping machine, euphemistically titled the State Longitudinal Database System,  which the feds designed and oversaw— all for the love of money and nonconsensual research.

uda

Without parental consent, Utah children’s data now is daily being collected –using schools to vaccum it up.  This is not a legitimate situation, but you can’t blame schools.  They are being used.  They have to give daily data to the state/fed system, or they lose funds/grind to a halt.  In a recent Utah rulemaking statement, we read:  “all public education LEAs shall begin submitting daily updates to the USOE Clearinghouse using all School Interoperability Framework (SIF) objects defined in the UTREx Clearinghouse specification. Noncompliance with this requirement may result in interruption of MSP funds.”

So we can’t believe the ear candy we’re told, about how this data  mining is about keeping data on kids so teachers can do their best teaching.  It’s not staying in the local school for teachers and administrators to legitimately peruse, but it goes into the federally designed, federally interoperable SLDS database held at UECP/U of U which many state agencies can peruse and which the feds can already partially peruse.

(Side note:  the feds are feverishly working to get much greater unit-record access as we speak.  If you’re interested, livestream the CEP’s federal public hearing on that subject today: https://www.youtube.com/watch?v=bvvatB_NBWI )

Every state has an SLDS system.  The feds paid the states to build them.  The feds told the states how the SLDS’s had to be built.  Utah got nearly $10 million to make Utah’s federal SLDS in 2009.  And the grant’s been renewed to keep trading cash for students, in recent years.

Utah children and their families thus have their data sucked away to where unelected, unaccountable “researchers” are entrusted with data via SLDS.  The University’s “Utah Education Policy Center” (UEPC) is a founding partner in the Utah Data Alliance, which controls Utah’s SLDS system. According to UEPC’s website:

“Five other partners include the Utah State Office of Education (public education), Utah System of Higher Education, Utah College of Applied Technology, Utah Education Network, and the Department of Workforce Services. UEPC serves as the research coordinator for the Utah Data Alliance. UEPC coordinates access for individuals and organizations interested in collaborating with the Utah Data Alliance, or researchers interested in accessing data for research purposes.”

That’s a long answer to a short question.  That’s how the data got stolen.

Here’s the follow up question:  what’s keeping the other millions of records of students from going the same way that those 750,000 records went?

Ask your legislator that question.  Ask him/her to show you any proper privacy protections that are actually in place.  (FERPA was shredded; don’t let them pretend there’s protection anymore under FERPA.)

We do not even have the freedom to opt out of SLDS tracking.  But all of this can change– if more good people speak up– act.

fox

 

How did the fox persuade the gingerbread boy to get on his back?  The fox said that he would never eat him, but would surely protect the gingerbread boy from everyone who was trying to eat him on the dangerous side of the river.

On shore stood the hungry horse, the farmer, the dog, the others– and the fox said that he could help the gingerbread boy to get away.  The fox protected the gingerbread boy like the federal government is protecting your child’s personal data.

Every time I read an official promise like this recent CEP statement (and there are so many; even the federal alterations to FERPA sounded like the CEP statement) –I think of the gingerbread boy.  The CEP (federal “Commission on Evidence-Based Policymaking”) promises that the government only wants more individual “data in order to build evidence about government programs, while protecting privacy and confidentiality.” I think of the fox “protecting” the gingerbread boy.

That fox wanted to eat the boy just as much as the dog and the farmer and everyone else did.  Even the gingerbread boy probably suspected it, but he really, really wanted to cross that river.

When the government says that it can and will protect privacy while accessing greater amounts of data, I think:

 

River = money

Gingerbread boy = a child’s sensitive data

Horse = educational sales corporations

Farmer = educational researchers

Fox = federal government

Dog= state government

The oven where the boy was born = SLDS database 

 

 

gingerb

 

 

 

 

Alpine School Board Members Speak Out For Student Privacy   5 comments

Alpine-Board-10x8-1024x819

 

Three remarkable Alpine School Board Members: Wendy Hart (front left) Brian Halladay (standing, middle)  and Paula Hill (front, right) have written an open letter on student privacy, citing documented realities (contracts, documents and laws) that boldly stand for student privacy and parental rights, against Common Core SAGE/AIR testing.  The letter stands tall against statements from State Associate Superintendent Judy Park and the Utah State Office of Education that claim all is well with student privacy in Utah schools.

Hats off to Hart, Halladay and Hill for speaking up despite pressure to go along in silence with the decisions or positions held at the state level.

Before I post the letter, here’s a little background:

Before Common Core testing even began, Utah officially dropped out of SBAC (a federally funded Common Core test maker) but then immediately picked up, as a replacement, test maker  AIR  (American Institutes for Research– also  federally approved, but not federally funded; Common Core-aligned; a test maker that specializes in psychometrics and behavioral testing,  prioritizes promoting the LGTB philosophy –and is officially partnered with SBAC!)  Many Utah parents are opting their children out of these tests, and state level officials are desperately trying to persuade the population that there’s no reason to opt out.

Statements promoting and approving AIR and SAGE, by Assistant Superintendent Judy Park, have been rebutted and even publically debated before– but this new letter stands very, very  tall, shedding much more light on the student privacy dangers of SAGE/AIR and highlighting the lack of Utah laws that protect an individuals’ ownership over his/her own data.

 

Here’s the letter:

 

September 18, 2014

 

Dr. Judy Park

Utah State Office of Education

Dear Dr. Park,

 

Thank you for taking the time to address some of the issues with AIR and SAGE testing.  We especially appreciate your citations of the contract.  In the interest of openness and transparency, we have a point of clarification, as well as some follow-up questions.

To begin, a point of clarification.  Your letter is directed to Superintendent Henshaw who communicated some of our concerns about SAGE and AIR to you.  In your letter, you indicate that “False, undocumented and baseless allegations need to cease.”  We wish to clarify that the concerns expressed by Dr. Henshaw were not coming from him, and, as such, your directive would not be to him but to those of us on the board and our constituents who are raising questions, based on our reading of the AIR contract with USOE.  Because Dr. Henshaw reports to the Alpine School Board and not the other way around, any directive for Dr. Henshaw to rein in these ‘allegations’ from board members or constituents would be inappropriate.  We can appreciate that you are troubled by this, but we would recommend that more information and more discussion would be a preferable way of resolving concerns, as opposed to suggesting that concerned representatives and their consitutents simply remain silent.

So, in that spirit of openness, we have the following clarifications and follow-up questions.

We begin by addressing the sections of the AIR contract cited in your letter of August 14.  It was very much appreciated because these are the same sections of the contract that we have studied.  We were hopeful that there would be additional insight.  Unfortunately, we did not find any assurance in the pages listed.

I-96 – I-98:  This section nicely addresses the physical, network, and software security for the server and test items.  However, the only reference to AIR employees, their ability to access or use any data is left to “Utah’s public records laws, FERPA, and other federal laws.”  FERPA, as many know, has been modified by the US Dept of Education to allow for the sharing of data without parental knowledge or consent as long as it can be justified as an ‘educational program’. Additionally, FERPA only contains penalties for those entities receiving federal funds.  Since Utah is paying directly for SAGE testing, FERPA is a meaningless law in this regard.  Additionally, Utah’s public records laws appear to only address the openness of public records, but are insufficient when it comes to privacy or use of data, including that of a minor.  If there are robust privacy laws in Utah’s public records laws, we would appreciate additional citations.  Please cite the other federal laws that protect the privacy of our students.

I-61:  Addresses the technical protocols for the data transfer, as well as encryption of passwords.  Again, this doesn’t address those who are given access by AIR to the data for whatever purpose.

I-72 – I-73:  Addresses the security of those contractors who will be manually scoring during the pilot testing.  This addresses a particular third-party in a particular role, but not AIR as an entity or its employees, other than this particular instance.

I-85 – I-86:  Addresses the issues of users and roles for the database and USOE updates.  This limits the appropriate access to those of us in Utah, based on whether we are teachers, principals, board members, USOE, etc.  Again, this does not address anything about AIR as an entity or its employees.

While all these security precautions are necessary, and we are grateful they are included, they do nothing to address the particular issues that were raised at the August 12, 2014 Alpine School Board Meeting.  Some of our concerns are as follows:

1)  Prior to the Addendum from March 2014 (for which we are grateful) there was no prohibition on sharing data with a third-party.  As indicated, the changes to FERPA would allow AIR to legally share data with a third-party as long as that sharing was for ‘an educational program’ without parental knowledge or consent.  As such, the addendum now allows for that sharing only with the USOE’s consent.  We are still concerned that parents are not asked to give consent and may not have knowledge of their student’s data being shared.

2) AIR itself is a research firm dedicated to conducting and applying the best behavioral and social science research and evaluation.  As such, they are involved with data collection and evaluation. In the contract and addendum cited, there is nothing that prohibits how AIR or its subsidiary organizations may use, query, analyze or access any or all student data from the SAGE tests in Utah.  They would have access to many data sets from many entities.  They also would have multiple on-going research projects.  There is no prohibition on what inquiries, research or analysis can be done on the data from SAGE testing.  As long as AIR does not profit from the data or share with a third-party without the USOE’s consent, the data is managed by AIR and available for access.  What are the methods in place to prevent AIR from accessing the data for additional research or analysis?  AIR does not need to share the data with a third-party to violate the privacy of a student or a set of students.  However, since they control and manage the database, there is nothing that would prevent this access.

3) There are no prohibitions in the contract regarding behavioral data.  While we realize Mr. Cohen has said the contract does not call for gathering or evaluating behavioral data, and that AIR is not inclined to do so, there are, again, no prohibitions or penalties associated with gathering or evaluating behavioral data.  State law allows for the use of behavioral data in the year-end testing.  So, there are no legal prohibitions on the use or collection of behavioral data.  Since behavioral research is the primary mission of AIR, as indicated by its mission statement, it is a concern for parents.  If AIR has no desire to collect behavioral data as part of the SAGE testing, it should state so explicitly in a legally-binding manner.

4) Many parents have, legally, opted out of SAGE testing for their students.  As such, why is AIR receiving any information on these students?  Parents feel it is a grave violation of their trust by USOE that any data the USOE has received from the schools can be input into the SAGE database, not to mention the State Longitudinal Database System (SLDS).  There must, at a minimum, be a way for parents to opt out of all sharing of their student’s dat with AIR and the SLDS.  At what point, if any, will student data be purged from the AIR database?  What is the method for demonstrating the data has been properly purged?

Additionally, we appreciate the response of Mr. Cohen to our concerns.  Based on his response, we have the following questions.

1)  Please list the “express purposes” for which the release, sharing or sale of data is not prohibited, per contract.

2) What third parties are AIR “explicitly permitted by the State of Utah” to provide data to?

3) What research has AIR been requested and directed by the Utah State Office of Education to conduct?

4) What entity (or entities) has AIR been authorized by the State of Utah to release data to?

5) Please list the source of the contract that states that AIR is prohibited from releasing data to the federal government.

6) What entity (or entities) have been designated by the USOE to receive data from AIR?

7) The memo does not address companies owned or operated by AIR, which would not be considered third-parties.  Please state, per contract, where AIR does not share data within related party entities.

Finally, we have the following questions related to the validity and reliability of the SAGe testing.  We understand that this information would not be protected by copyright, and therefore, could be provided to us, as elected officials.

1. Normative Sample Details (who took the test)

2. Coefficient Alpha Reliability

3. Content description Validity

4. Differential Item Function Analysis

5. Criterion Prediction Validity

6. Construct Identification Validity

7. Other types of validity scales/constructs that are applicable only to CAT test designs

We appreciate the opportunity to discuss this more in the future.  As those who are responsible to the parents of this district, we feel it is imperative that our concerns are addressed.  And, when all is said and done, it is most important that parents have the opportunity to protect whatever student information they feel is necessary.  Just because parents decide to educate their children in our public school system does not mean that we, as a state government, are entitled to whatever information about their children we feel in necessary.  Parents are still, by state law, primarily responsible for the education and the upbringing of their children.  As such, their wishes and their need to protect information on their students is paramount.  As members of the Alpine School Board, we must represent the different views and concerns of all the parents in our area.  For those who have no concerns, then you may proceed as usual.  For those who do have concerns, it is incumbent on us to raise these questions and to obtain the most accurate information possible.

Thank you for your time, and we look forward to more information in the future.

 

Sincerely,

 

Brian Halladay

ASD4

Wendy Hart

ASD2

Paula Hill

ASD1

 

—————————————————————————–

 

I wish every Utah parent, teacher, student and principal read this letter– and took action!

The time has long passed for blind trust in Dr. Park, in the State Office of Education and in the State School Board. Surely, power holders –in the legislature, in district administrative offices, and in the governor’s office who read this letter– will finally act.

Share this letter!

%d bloggers like this: