Technocratic Corporatocracy Hijacks Public Schools for Profit

Photo Credit: Lexie Flickinger (CC-By-2.0)

Making People Transparent for Profit Through Nontransparent Algorithms

Imagine if everything about you was on a giant billboard and you could see who was buying information about you and making lists. That is exactly what is happening without your knowledge or consent each time you use the Internet. Everything a user does online is tracked and monetized — Google, Facebook, Twitter, Amazon, apps — they all collect your data. A provider of computer-run education programs has admitted that they share the data they gather with 18 “partners.” Invisible analytics, profiling, sharing or selling of data collected without consent or knowledge makes every Internet user vulnerable to manipulation and control, ending personal privacy and sovereignty. 

The process works like this: new data are collected covertly through apps; the collected data is transferred to data brokers who access the new data and combine it with existing data about an individual using nontransparent algorithms. The algorithms create a very detailed profile of individual users; vendors are sold access to the profiles and target individuals based on profile analyses. Google is by far the most used third party analytics tracker and makes 90% of its revenue tracking user searches. In attached bibliography includes multiple examples of how the tech industry not only sells data, but sells data collection programs and devices to measure behaviors and infer emotions and thoughts. 

The documentary, The Creepy Line, explains how tech giants use algorithms to shape behavior and shape thoughts. Google used algorithms to influence voter behavior in the 2016 presidential election In a recently leaked video of a Google company meeting conducted shortly after that election, one employee asked if Google is willing to “invest in grassroots, hyper-local efforts to bring tools and services and understanding of Google products and knowledge so that people can “make informed decisions that are best for themselves.” Google CEO Sundar Pichai responded that Google will ensure its “educational products” reach “segments of the population [they] are not [currently] fully reaching.” Apparently, Google will ensure that Google Chromebooks and the Google manipulated search engine will be standard “education” materials in American schools so that students can make Google informed decisions.

Tracking and “Educating” Children

Schools funded with tax dollars allow the tech industry to collect billions of student data points about every aspect of every student using school issued personal devices by mandating students complete assignments using online tools and apps for classwork and homework on these devices. The data are used to build comprehensive profiles on each student. Every state has a database and students’ personal data can be shared with researchers and companies. Google launched a public relations campaign, Be Internet Awesome, that includes a curriculum and online game for Chromebooks, to promote itself as a “good” company; but a critical analysis of Be Internet Awesome concluded,

. . ., the program’s conceptualization of Internet safety omits key considerations. Specifically, it does not acknowledge the role of companies in keeping data and personal information secure. Instead, its focus on user-centered strategies obscures the degree to which users are often powerless when it comes to controlling how their personal data is used. [It] generally presents Google as impartial and trustworthy, 
which is especially problematic given that the target audience is impressionable youth. 

Transporting human beings without their consent for exploitation is human trafficking. Transporting human beings’ private data without their knowledge or consent is human data trafficking. Transporting children’s private data by collecting it in compulsory schools without parent knowledge or consent to exploit them in the data market is nothing less than institutional child data trafficking.

Failure of Government

Existing federal laws are inadequate for protecting student data privacy. FERPA generally does not apply to online data collection and FERPA was changed by executive rule in 2011, removing parental consent for data collection. FERPA now allows companies (such as Google) to be declared a “school official,” giving them access to student data on par with professionals who have a “need to know” to provide appropriate services to students. HIPPA does not apply to student records. COPPA does not generally apply to schools, and COPPA is rarely enforced even when complaints have been filed, and we know thousands of Android apps are improperly tracking children. There is no federal law regulating companies’ use of online student data.

The FBI recently issued a warning about privacy and security risks of educational technology and the U.S. Department of Education issued guidance that schools should not force parents to consent to third party terms of service. Yet, parents are told they cannot attend the school if they don’t allow their child to have a fill in the blank edtech app or program (e.g., Naviance, or NWEA, or Google Gsuite account). EdTech people say education is the most datamineable industry by far and we know now that students’ social-emotional data is the new goldmine despite the pseudo-science propping up social-emotional learning. The West Virginia teachers strike in Spring 2018 was in part sparked because, among other reasons, teachers were being forced to download Go365, a wellness and rewards app which would track their steps and other health data. Teachers were required to upload a variety of personal health information into the app and saw the program as an invasion of personal privacy

Google’s money wields an enormous amount of influence on U.S. education policy. Under the Obama Administration Google’s lobbyists had essentially unrestricted visits to the White House . A shocking number of White House officials now work for Google or vice versa. The U.S. Department of Education was heavily populated with former employees of organizations associated with Bill Gates, also advocating for computer-administered education. We know tech firms including Google have recently been lobbying the White House for a new federal privacy law on their own terms; Google even provided their own framework for a favorable privacy bill that does not include opt-in consent. It is time for Congress and states to kick the fox out of the henhouse — reject corporatocracy and restore our Constitutional democracy.

Responsibility of Government

U.S. citizens are protected from the government’s invasion of privacy and from property theft. They must also be protected from corporations’ invasion of privacy and theft of their electronically created property. Sovereign citizens cannot be coerced into giving their data or penalized/denied public education services for not consenting to sharing their data. Given that the infrastructure has already been built, Congress must adopt strong privacy laws at least as stringent as the European Union’s global data standards established in its General Data Protection Regulation (GDPR). The FTC should be given rule-making authority and resources to investigate and directly prosecute violations; but by no means should Congress abdicate its responsibility to protect the general welfare of the Americans and allow Silicon Valley to dictate to Congress or the FTC.

Google’s Takeover in the Classroom

Education Week published an article this week about how Google has taken over the classroom over the last five years. This raises student data privacy concerns.

If you’re seeing Google reign in your child’s classroom, Matthew Lynch writes there are three reasons why.

  1. Google devices are cheaper. Lynch writes, “Instead of laptops and tablets that were priced outside of what most schools could afford, Google presented the cheaper Chromebook that came complete with a host of free apps for students and teachers.”
  2. Google Apps makes it easier for students to create and share information. Anyone can get a free account, but they also offer paid services at a special price point for schools. Lynch writes, “Students can create a variety of documents through the Google Docs platform and make their content available to share with others in real-time. The sharing extends not just to classmates, but also to educators who can keep better tabs on what their students are doing and learning on any given day.”
  3. Teachers can be more involved with Google. Lynch writes, “The Google Admin panel allows educators to be more involved in what their students are doing on their Chromebooks. They can monitor controls, upgrade software, enroll new students, and otherwise manage the devices handed out to their class with relative ease. Teachers are firmly in control of what their students can and cannot do on their Chromebooks, an attribute that grows increasingly rarer with all of the modern inventions in technology.”

Read his whole article here.

I can attest to Google apps being a useful tool, I use them myself. I’ve been able to play around with Chromebooks (I currently use a MacBook Pro). I also teach government for a local homeschooling co-op, and often students will send me papers using Google Docs.

Even though they offer useful and inexpensive tools with Google’s assent in the classroom there are obvious data privacy concerns.

Joseph Turow, a communications professor at the University of Pennsylvania, wrote for Fortune:

At the very start, the marketing giant hits you with the deal: By giving up information you allow the company “to show you more relevant search results and ads, to help you connect with people or to make sharing with others quicker and easier.”

Yet it’s not really a fair trade. Most people have little understanding of what they’re actually agreeing to give up. A 2015 national survey my colleagues and I conducted showed that Americans don’t buy the tradeoff idea. It also revealed that 58% of Americans are resigned to what’s taking place. They don’t want companies like Google to have control over their data, but they’ve come to believe they don’t have a choice.

The implications of this are profound. Google’s activities may affect the ads you get, the deals you are exposed to, the purchases you make, the discounts you receive, the entertainment and news you see, and your very sense that surveillance is natural. Plus, Google is only one of a gaggle of large companies involved in these sorts of activities—all the while seemingly hoping we don’t understand and are too resigned to push back.

Google in their privacy policy explains what kinds of data they collect:

Things you do

When you use our services — for example, do a search on Google, get directions on Google Maps, or watch a video on YouTube — we collect data to make these services work for you. This can include:

  • Things you search for
  • Websites you visit
  • Videos you watch
  • Ads you click on or tap
  • Your location
  • Device information
  • IP address and cookie data

Things you create

If you are signed in with your Google Account, we store and protect what you create using our services. This can include:

  • Emails you send and receive on Gmail
  • Contacts you add
  • Calendar events
  • Photos and videos you upload
  • Docs, Sheets, and Slides on Drive

Things that make you “you”

When you sign up for a Google account, we keep the basic information that you give us. This can include your:

  • Name
  • Email address and password
  • Birthday
  • Gender
  • Phone number
  • Country

This has me rethinking my use of Google. While any cloud-based service will store data, not everyone uses it.

While they state they do not sell it or give the federal government access to it, they do use it for advertising. They write:

We try to show you useful ads by using data collected from your devices, including your searches and location, websites and apps you have used, videos and ads you have seen, and personal information you have given us, such as your age range, gender, and topics of interest.

If you are signed in and depending on your Ads Settings, this data informs the ads you see across your devices. So if you visit a travel website on your computer at work, you might see ads about airfares to Paris on your phone later that night.

Advertisers only pay for the ads that are clicked, so its up to Google to entice you. They explain what data is used for ads.

We want to help you better understand the data that is being used to show you ads. Why This Ad is a feature that allows you to click a prompt in order to learn why you are seeing a given ad. For example, you might be seeing that ad for a dress because you have been visiting fashion websites. Or if you see an ad for a restaurant, you may discover it is because of your location. This type of data helps us show you ads about things you might find useful. But remember, we never share this data with advertisers.

Now how does their policies differ for school-owned devices? I doubt it does.

If your student uses Google Apps or a Google Chromebook, the Electronic Frontier Foundation offers a privacy guide for parents for students who use Google Apps or who use a Google Chromebook.

Update: I was challenged by a teacher who provided a link to Google’s education privacy policy, Google says that they do not serve ads or use personal information collected in their education core services. Fair enough, I should have so here it is below. There is an important caveat here: “G Suite for Education users may have access to other Google services.”  In that case, the overall privacy policy applies.

In G Suite for Education Core Services

The G Suite for Education Core Services (“Core Services”) are listed in the Services Summary and include Gmail, Calendar, Classroom, Contacts, Drive, Docs, Forms, Groups, Sheets, Sites, Slides, Talk/Hangouts, Vault, and Chrome Sync. These services are provided to a school under its G Suite for Education agreement and, as applicable, Data Processing Amendment. (Users and parents can ask their school if it has accepted the Data Processing Amendment.)

User personal information collected in the Core Services is used only to provide the Core Services. Google does not serve ads in the Core Services or use personal information collected in the Core Services for advertising purposes.

In Google services generally

Besides the Core Services, G Suite for Education users may have access to other Google services that we make generally available for consumers, such as Google Maps, Blogger, and YouTube. We call these “Additional Services” since they are outside of the Core Services.

The Google Privacy Policy describes fully how Google services generally use information, including for G Suite for Education users. To summarize, we use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Google and our users. We also use this information to offer users tailored content, such as more relevant search results. We may combine personal information from one service with information, including personal information, from other Google services.

Google may serve ads to G Suite for Education users in the Additional Services. For G Suite for Education users in primary and secondary (K-12) schools, Google does not use any user personal information (or any information associated with a G Suite for Education Account) to target ads, whether in Core Services or other Google services accessed while using a G Suite for Education account.

Here is their policy for information sharing:

Information we collect may be shared outside of Google in limited circumstances. We do not share personal information with companies, organizations and individuals outside of Google unless one of the following circumstances applies:

  • With user consent. We will share personal information with companies, organizations or individuals outside of Google when we have user consent or parents’ consent (as applicable).
  • With G Suite for Education administrators. G Suite for Education administrators have access to information stored in the Google Accounts of users in that school or domain.
  • For external processing. We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.
  • For legal reasons. We will share personal information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
    • meet any applicable law, regulation, legal process or enforceable governmental request.
    • enforce applicable Terms of Service, including investigation of potential violations.
    • detect, prevent, or otherwise address fraud, security or technical issues.
    • protect against harm to the rights, property or safety of Google, our users or the public as required or permitted by law.

They also have a section on parental review and deletion of the student’s information:

The parents of G Suite for Education users in Primary/Secondary (K-12) schools can access their child’s personal information or request that it be deleted through the school administrator. School administrators can provide for parental access and deletion of personal information consistent with the functionality of our services. If a parent wishes to stop any further collection or use of the child’s information, the parent can request that the administrator use the service controls available to them to limit the child’s access to features or services, or delete the child’s account entirely. Guidance for administrators on how to use service controls to accomplish this is available in the G Suite Help Center.

An Example of How Data Clearinghouses Work: Google Pizza

Source: pixabay.com

This was sent to me via email. No one knows the author of this or I would give that person credit. It does a great job illustrating what data clearinghouses do and why Congress should reject the bill that Speaker Paul Ryan (R-WI) and U.S. Senator Patty Murray (D-WA) introduced.

I give you Google Pizza:

CALLER: Is this Gordon’s Pizza?
GOOGLE: No sir, it’s Google Pizza.
CALLER: I must have dialed a wrong number. Sorry.
GOOGLE: No sir, Google bought Gordon’s Pizza last month.
CALLER: OK. I would like to order a pizza.
GOOGLE: Do you want your usual, sir?

CALLER: My usual? You know me?
GOOGLE: According to our caller ID data sheet, the last 12 times you called you ordered
an extra-large pizza with three cheeses, sausage, pepperoni, mushrooms
and meatballs on a thick crust.
CALLER: OK! That’s what I want …
GOOGLE: May I suggest that this time you order a pizza with ricotta, arugula,
sun-dried tomatoes and olives on a whole wheat gluten free thin crust?
CALLER: What? I detest vegetables.
GOOGLE: Your cholesterol is not good, sir.
CALLER: How the ###  do you know?
GOOGLE:   Well, we cross-referenced your home phone number with your medical records.
We have the result of your blood tests for the last 7 years.
CALLER: Okay, but I do not want your rotten vegetable pizza! I already take
medication for my cholesterol.
GOOGLE: Excuse me sir, but you have not taken your medication regularly.
According to our database, you only purchased a box of 30 cholesterol
tablets once, at Drug RX Network, 4 months ago.
CALLER: I bought more from another drugstore.
GOOGLE: That doesn’t show on your credit card statement.
CALLER: I paid in cash.
GOOGLE: But you did not withdraw enough cash according to your bank statement.
CALLER: I have other sources of cash.
GOOGLE: That doesn’t show on your last tax return unless you bought them using an
undeclared income source, which is against the law.
CALLER: WHAT THE ####?
GOOGLE: I’m sorry, sir, we use such information only with the sole intention of helping you.
CALLER: Enough already! I’m sick to death of Google, Facebook, Twitter, WhatsApp and
all the others. I’m going to an island without internet, cable TV,
where there is no cell phone service and no one to watch me or spy on me.
GOOGLE: I understand sir, but you need to renew your passport first. It expired 6 weeks ago…”

Protecting Privacy at the Expense of Privacy

When we think of children, the first thing that comes to mind is their protection; protection from known risks, protection from violence, drunk drivers, illness, and the likes of Madonna and Ashley Judd.  In the age of internet-everything we want kids to be safe from exposure to pornography and child predators who spy on children without our knowledge.  When we’re not with them, we want to find a place where they will be safe and we can feel comfortable they’re under the watchful eye of people who also want to protect them.

Many parents think of school as that place.  We anticipate teachers are concerned for our children’s well-being, Madonna and Ashley Judd won’t be invited for career day, and there wouldn’t be porn or internet stalkers (because we know schools wouldn’t let internet stalkers spy on our kids).

What could go wrong?  How about everything?

As technology has become more deeply embedded in school culture, student level data is being gathered at an accelerated rate.  Tech companies are being given nearly unfettered access to student information via 1:1 devices, online resources and apps used by teachers in classrooms, digital textbooks, and the expansion of adaptive/personalized learning.  Every keystroke, every search term, every bookmark, every internet site, every log-in to a standardized test, is gobbled up, chewed, and swallowed by Big Data.

The proliferation of technology in classrooms has created serious concerns about the glut of data streaming out of classrooms and into the possession of multi-billion dollar corporations.  Google, which has flooded classrooms with Chromebooks, has consistently been the subject of a myriad of litigation involving abusive privacy practices such as intercepting email communications, scanning email for the purposes of targeted advertising, and collecting and data mining children’s personal preferences. A class action filed in March 2016, alleges illegal collection and use of biometric information.  Hello there, creepy internet stalker!

In 2015, Congress passed the reauthorization of the Elementary and Secondary Education Act (ESEA).  However, the bill signed by President Obama failed to either include student data privacy protections or close the loopholes in existing federal law.

In response to mounting evidence of misuse of student data, privacy violations and data breaches, the Software and Information Industry Association and the Future of Privacy Forum collaborated to produce the Student Privacy Pledge, a voluntary effort to commit student service providers to good privacy practices regarding their collection and use of student data.  Since its release in 2014, more than 300 companies have signed the pledge which contains specific prohibitions on selling personal information, and creating student profiles for behavioral targeted advertising.  The pledge was intended to offer reassurances that Google wouldn’t use information about children to inundate them with advertisements.

Since then, many states have adopted legislation to place similar restrictions on how tech companies can use, store, and share student data as it relates to targeted advertising.  Most of the new privacy laws are spearheaded by lobbyists for big data, i.e., Google, Microsoft, and Amazon, and merely codify the Student Privacy Pledge.  If you’re scratching your head wondering why Google, et al, would support legislation limiting their share of what some say will be a $59 billion industry by 2018, ponder no longer.

The Student Privacy Pledge only applies to targeted advertising and states:

“Nothing in this pledge is intended to prohibit the use of student personal information for purposes of adaptive learning or customized education.”

To date, all privacy legislation contains the same or similar language, which means those creepy internet stalkers from whom children need protection get a free pass.  The statutory language carves out an exception that allows service providers to gather student Personally Identifiable Information (PII), for use in digital learning programs.  They just can’t try to sell kids a Happy Meal based web on their browsing habits.

Parents need to know the definition of PII; any data that directly, or in combination with other data, identifies an individual or student, but they also need to understand the breadth of the definition.

For example, privacy statutes and pending bills (see New Hampshire, Oregon, California, Georgia, Arkansas, Maine, Connecticut, Idaho, Delaware, Kansas, and Nevada), define PII as data:

“…including, but not limited to, information in the student’s educational record or email, first and last name, home address, date of birth, telephone number, unique pupil identifier, social security number, financial or insurance account numbers, email address, other information that allows  physical or online contact, discipline records, test results, special education data, juvenile dependency records, grades, evaluations, criminal records, medical records, health records, biometric information, disabilities, socioeconomic information, food purchases, political affiliations, religious information, text messages, documents, other student identifiers, search activity, photos, voice recordings, or geo-location information.”

Biometric information is the measurement of people’s physical and behavioral characteristics.  It can include fingerprints, DNA, face, hand, and ear features, as well as typing rhythm, gait, voice recordings, iris scans, and gestures.  Biometric information has been used by schools to track such things as attendance and food purchases.  However, in 2014, Florida became the first state to ban schools from collecting student biometric data.

Nothing, however, prohibits the use of our children’s fingerprints, DNA, heart rate, or iris scans by multi-billion dollar corporations.  And nothing prevents private corporations from taking this information from students without parental consent.  At a time when aspirin can’t be dispensed to a student without a signed release, a parent’s authority to protect their child from invasive surveillance is non-existent.

Current online data privacy legislation is a ruse.  It ultimately protects very little and makes vulnerable some of the most sensitive, private characteristics of our children.  Parental authority is usurped, student privacy is eroded, and tech giants gather PII under the guise of building educational tools, none of which require biometric information to function.  Personally, I think I’d rather have Google try to sell my child a Happy Meal.