 Hello and welcome on a cold day, really delighted to see you all here. My name is Urs Gausser, I'm with the Bergen Center. I'm here with a fabulous team, the student primacy team at Bergen. This is a wonderful opportunity to actually have a conversation about what is the state of student primacy in 2015. So what we're going to do over the next hour is really look at the ways in which digital technology has actually started to fundamentally change education. And we'll assume in on one particular issue, which is privacy, or so we'll put that into context as well if you want to take a seat. So the game plan is we start with a brief update and share some highlights of an initiative that we've been running at Bergen for three years now, called the Student Price Initiative. It's been roughly one and a half years since we had a launch on reporting our findings and so it's a good time to catch up. We'll do so however very much in the spirit of using that just as a platform to open up a conversation. We're also very happy that we have a few collaborators in the room who have been working with us over the years and we'll invite them also to share updates from their work. And then of course we'll have for discussion more boldly. There is also an online question tool that we encourage especially our remote participants to use as well as the feedback handle hashtag Bergen SPI. So just to kick things off, here's a brief introduction what the Student Price Initiative has been about. So we set out at the moment where the digital revolution really started to impact the educational sector. One and a half years ago when we gave this presentation we compared the situation roughly to what happened early 2000 with entertainment. Remember the moment where Napster was born and the whole digital media crisis started. We made a parallel of what has happened since roughly 2012 when the education field with the entertainment industry. And so what we came up and became interested in is really to understand what are the implications of this digital revolution within education. Our focus from the beginning was on K to 12. Now obviously today I think there is a shift towards higher education but when we started there was a lot of interest in what's happening and there still is of course what's happening in K to 12. So what we've been doing at Bergen is as we often do it is using our role as a facilitator and using some of our convenient power to bring together different stakeholders, teachers, school administrators, technology experts, privacy experts, policy makers, but importantly also youth, young people. We'll hear more about that from Polina in a few minutes. In addition to conversation what are the opportunities as we introduce digital technology to schools but also what are some of the challenges especially what are some of the privacy concerns and modifications. And most importantly what can we do in order to harness the potential of digital technology in education but also safeguard student privacy. So we've hosted a number of round tables of workshops inviting multiple stakeholders with the goal to map both opportunities and challenges with a focus on privacy and work towards recommendations, good practices that inform school administrators, teachers, but also public policy makers. So that's been the project. When we started there was 2012 roughly there was one big topic and that was cloud computing. At this moment in time many schools actually started to use cloud computing technology whether it's at the platform or infrastructure layer or at the application layer in the classroom. For instance to using collaborative tools for the students but also cloud based tools to interact with parents to manage the data of students like grades and health information and many other things and ultimately with the goal to improve learning and education. So there was this moment where schools started to work with private vendors, technology companies such as Microsoft, Google and many others and started to outsource their data storage and data hosting. Now that process of no longer having student data in-house on premise but rather work with cloud providers led immediately to a number of serious privacy concerns. Especially parents who are very concerned and still are that student data may actually be hacked as it is somewhere in this cloud. So according to one survey 87% of parents are concerned that data storage in the cloud, student data may be hacked or stolen. There are lots of concerns. You see here a list of some of the issues and questions we addressed earlier. The second concern that came up immediately in this transition moment was the commercial use of student data. Many of the cloud providers or to be all of them are commercial entities, right? They do business. And quite often many of these companies not all have business models that are based on advertising, analyzing data and delivering personalized ads to users. And so there is concern and a lot of debate and also regulation and lawmaking to figure out how far should that go with adult so that data collected in schools is the basis for advertising. Very troubling of course some of these practices and there's still a lot of debate going on how to put limits to some of these commercial uses of student data. So what we've tried to do early on is again convene multiple stakeholders working with industry but also experts, schools and the like to come up with at least initial guidelines how to sort out these problems. Turns out that one challenge is, and we'll hear more about that I hope later today, one challenge is that as you can even get from the student introduction cloud technologies type of things. If you were to look at the contractual agreements between the school for instance and the company, these are complicated contracts. Often it's actually not so clear what the company, the cloud provider do with the data. So there are lots of questions that require a lot of time to work through for a school official or for a teacher. So what we hope to do with our work, with many collaborators is actually to provide some guidance to people on the ground how to sort out these technological issues, how to understand the risks but also to better understand how good contracts look like or best practice contracts can look like. Now of course one of the characteristics is also that the digital space is moving so quickly. And while we started with a heavy focus on cloud computing today and especially over the past year or two, we deal even with a more complicated set of issues. It's no longer only cloud computing. We see now very significant aggregation of data within different prominent entities including public schools. So you see a lot of data aggregation. You see student information systems emerging. The most famous one in this field is in volume. Many of you have certainly read about it. Compiling over 400 data points per student. So you can imagine all sorts of data are suddenly hatched from grades and school performance data through health and behavioral data, disciplinary data. And that of course again triggers all sorts of concerns that now go far beyond the question of, may there be a data breach or may that be issued commercially but rather what about discrimination based on that data? What about predictive analytics and learning analytics? What's the promise of that sort of new technology but also what are the potential pitfalls? We can talk more about the normative implications but there are lots of concerns coming together that are related to the use of data and no longer only related to the collection of data as in the first phase of our work. So here you see a number of questions again that we've been exploring over the past two years in the same mode of having multidisciplinary and multistakeholder conversations working towards recommendations. In parallel we've seen a lot of activity in the legislative arena. We'll hear more from Dalia about that in just a minute. And that's only the beginning. Arguably the third phase like Student Privacy 3.0 if you will is about to start. The first two phases, the focus was very much and the conversation was largely centered on formal institutions of education particularly schools, public schools. But nowadays the digital technology enables us to create these connected learning environments. The learning that happens in the social space or in the private space that happens in libraries or happens in after schools or in city environments now becomes connected with the learning experiences and the education that happens in formal education institutions. So the key word there is connected learning spaces and technology builds the enabler of such a learning space with great potential of course especially for interest in learning, create new pathways also for learning in schools and so on. But again amplifies of course some of the privacy concerns we already talked about. Suddenly you have very different players working in such a connected learning space. It's no longer formal educational institutions that are heavily regulated by law. Startups, Silicon Valley tech companies that of course may have very different interests in mind or different goals than public schools. So the space gets more complicated. That's the environment we are in currently. We can expand on that but I just want to introduce it very briefly. The last point I want to make just to give you a flavor of the kind of issues we've been looking at and some of the takeaways from this initiative and then we'll have three quick deep dives into individual issues from a number of perspectives. First it seems to me that privacy has become some sort of an early warning system for more fundamental structural shifts in the information system. Think back the analogy to the entertainment and digital media crisis. There it was intellectual property particularly copyright that was kind of the issue number one when technology started to change the industry. And sometimes reactions like that where courts start to get nervous and legislators start to get nervous when a new technology hits. That can be seen as a precursor of something in the layer. While it was IP arguably the entertainment industry I would say its privacy in the education environment that signals something is going on that is not just a transitional moment but there is a more fundamental shift with respect to information and data and collection sharing and analytical practices. In all that and working three years on this initiative I think one key takeaway from this bird's egg perspective is certainly how important it is to get the facts right. I made the point already looking at cloud computing the technology we're talking about is maybe easy to use but not so easy to understand. What's happening in the cloud right? Who knows exactly. We don't know how a data center really worked. Well there are some exceptions and people you know but generally speaking you know we're not that clear what's actually happening in the data center. We don't fully understand what companies are doing with the data so there's a transparency in the knowledge gap. So it's very important as we have these conversations about privacy, about the benefits for those of the risks of technology in education to inform the conversation by experts coming from very different areas and environments. If you follow the news over the past two years with respect to privacy in students it's been largely driven by emotion and again this may just amplify the importance especially when we talk about lawmaking or school practices that we really try to inform ourselves what's going on, what's the real risk assessment but also about the benefits. Another takeaway for me and for us I allow you to speak on behalf of the whole team here is the importance of multi-stakeholder processes and I want particularly to emphasize the importance of including teachers for those young people in the conversation about ed tech and privacy. It's one thing if parents or policymakers or administrators are sitting together and discussing what's an appropriate use of technology and data sharing and the like in schools but it's another thing actually to talk to teachers who often are just really motivated and empowered by the digital tools that can use to make learning experiences better. So it's very important in our view to include multiple stakeholders and particularly teachers and young people in these conversations. Student privacy is also interesting as an experience or exploration because you've seen how the law responds to technological change. You've seen that in the industry I've talked briefly about copyright and IP, you see it here with privacy. We have seen over 180 bills new laws introduced at the federal and state level in response to the concerns I flagged. You'll hear more from Dali about it. So it's getting really messy and really complicated even to track the different bills. So you see the law struggling yet again with this digital revolution as it happens in this particular area of society. Law and other key takeaway is part of the answer but certainly not the whole answer. Arguably I'm going to conclude it may not be the first answer. As we are in a field that is so quickly changing where technology is changing, constantly evolving, where user behavior is adapting, where privacy attitudes and values of students and teachers are changing. Law is just kind of too slow. It's not always helpful. So what we have seen and learned in our conversations is that there is really an important role for industry to play, an important role for schools and school districts to play to come up with good practices or best practices as things are so much evolving and in the box at a given time. And we hope with our work to inform these debates and we can go deeper what some of the things are that have emerged in the ecosystem that work and others that may not work. The final point I want to make is despite all the activity we've seen, whether it's the attempt to create good practices, best practices, to create clearinghouses, to provide information about which apps are privacy-friendly or not, to engage in conversations about lawmaking and policymaking in this space, despite all this activity, what it boils down to is that we still think we need to have a conversation as parents, as teachers, educators, full administrators, as kids, learners, more broadly, about what are our values when it comes to education. What are the promises of technology for learning, for education? What are the risks and how do we balance these things? I think that's still a learning process we have to go through as a society to balance and clarify the values and also balance between computing new coins and computing values. And that conversation still I think needs to crystallize somehow, needs to reach a point where we have a better understanding. And only then I would argue that lawmaking can be a healthy tool because before we do really know in what direction we want to go, it doesn't make much sense to enact rules or introduce additional deals. So in that sense, looking at this list, student privacy becomes kind of an interesting placeholder for many of the debates we see currently going on about the regulation of digital technologies, about the benefits of the internet, and also some of the risks associated with it. That has made it very exciting for us to work on it. Again, these are some opening highlights, high-level highlights that hopefully give you more appetite about what we're going to read to, but also for the deep dives by my colleagues. We thought it might be helpful to approach it from three different perspectives, reflecting this multi-stakeholder approach. First, Leah, I think you will talk about the perspective of schools and school districts and administrators will then have Dahlia presenting and sharing rules on the policy space and what we've seen in the policy legal arena and then putting up and proving with remarks about what our teachers and students are making out of this. Thank you very much. I have a couple of brief snapshots that provide a lens into the bigger picture. First up there, you'll see a plea that appeared online earlier this year from the teacher who runs the after-school program at a West Virginia high school. He went to a crowdfunding platform and said, I want Fitbits for my students in my after-school program, and he has a very thoughtful explanation of the country's obesity epidemic, West Virginias, I think particularly having a tough time with that, and how Fitbits would help his students learn to work toward goals incrementally at a macro level and also on a micro level help them achieve fitness goals. So, his Fitbits got funded and they went to his students. Next, the snapshot you'll see is a report that came out in the Washington Post also earlier this year, reads, did the school principal mistreat little Johnny? Did little Johnny have it coming? I was a little disturbed by, but okay. And let's go to the tape. And what the Washington Post was recording there is that schools are starting in some places, schools and districts to have principals and other administrators were body cameras. So that's something that we've been seeing certainly with our police forces and other public spaces, but now we're starting to see it in schools. And these two snapshots together illustrate a couple of bigger picture trends. The first, as we heard earlier, we're starting to see new types of technologies find their way into schools. We're seeing internet of things, sensor networks, robotics, and beyond. And we're starting to see those technologies find their way in both what we might think of as the front door. So I'm assuming that the principal who's wearing the body camera, the article didn't say, but based on conversations I've had with school leaders as well as industry vendors of products like this, is that those types of products tend to come in the front door. That tends to be an agreement that the school or the district is entering into to have their administrator use that product. Now, the first example about the very enterprising West Virginia teacher and his after-school program, that doesn't come across as something that was necessarily coming from the top down. We might think of that as a bit more of a back door going in through a window, if you will, where you have a teacher who saw a need, identified a great product that could fill the need and brought that product into his after-school program. Now, both of these different ways in have their challenges and their opportunities. So the opportunities being when you're talking about that front door or top down, you have more and more vendors entering the ed tech space with new types of technologies, with new uses, going directly to school and district leaders and saying, why don't you try this out? And in an era where schools are being consistently asked to do more with less, that can be very appealing. So there's an opportunity there. The challenge, of course, is once that technology is in the door, how does it transform the learning environment and what new responsibilities are schools either implicitly or explicitly agreeing to take on. So under the body camera scenario, what's going to happen to all that footage we've seen actually in my home state of New Hampshire very recently? We've seen some litigation over release of body camera footage. We've seen that in many other cities around the country right now. What's going to happen in particular if that body camera is not worn by a school principal acting as an educator but by a law enforcement officer, sometimes called an SRO school resource officer who's in that school building wearing the body camera and still a member of the police force, but there with a memorandum of understanding with the school. Who owns that data? What are they doing with it? And what kind of accessibility might obstacles have to it under the state versions of a FOIA or a right to know request? When technology is coming in the back door as it were, you also see both challenges and opportunities. Opportunity, you have a great identification of a product. You get the need filled. Challenge, when I talk to principals and district leaders, they don't necessarily know what technologies are in their classrooms. And some of them get a little freaked out by that. Some of them seem kind of more cool with that. But the bottom line is that between bring your own device, which is continuing to gain momentum, between new technologies coming into individual classrooms, leadership at the top is really feeling a lot of pain around understanding what's in their classrooms, how it's working, what's happening with the data and what their responsibilities are vis-a-vis that data. I'm not even talking legal responsibilities, but more normatively, how should the school leaders be thinking about that data so that they're continuing to advance their roles and responsibilities as educators rather than perhaps drifting over into becoming more of an arm of law enforcement or a broader surveillance operation? Last but certainly not least, I just wanted to flag that part of what is creating, I think, this complexity for school districts and leaders is not just the ed tech that is being adopted in their classrooms or in their hallways, whether it's front door or back door. It's students using technologies in their home, on the bus, in other places, so they're using their own devices. It's not that they're bringing them to school. It's that as a marketplace survey found, parents are saying almost 100%, 98% of students are using technology in some way, shape or form to do their schoolwork. So data is everywhere, and that creates another layer of complexity for these leaders. So I think one of the basic steps that we're starting to see school leaders thinking about taking or taking is just an inventory of who's doing what, where, why, and how. And there's some districts that are sort of light years beyond that because of where they've chosen to invest their time and resources. But I think when I talked to about 200 school leaders at the Harvard Graduate School of Education over the summer, that sort of initial step of surveying was proving to be very important. And with that, I will turn it over to my colleague Dahlia for a more basic survey of the legal landscape. So bear with me a little bit. I am talking nuts and bolts law, and I realized many of you, that's like, okay, time to go to sleep. But in order to contextualize all of this, I think it's important to understand the landscape. So where are we today? At the federal level, generally, we are governed by three federal laws. The first is the Family Education Rights and Privacy Act, generally referred to as FERPA, just for a little context. This law was drawn up in the 70s. You can imagine the type of technology available in classrooms back then. It was really an attempt to create a framework to provide students and their parents both access to their education records and also protecting the privacy of those education records. So in the brick and mortar world, this seems a little bit simpler. Add in technology, it suddenly became very challenging to define how to comply, especially with the consent mechanisms which are involved in this law, and some of the exceptions that apply to certain types of collection and sharing of information. The second law that applies in this space is the Protection of Pupils Rights Amendment. Again, a little bit of context. The PPRA originally was intended to give students the opportunity to opt out and certain privacy protections around certain types of information that may be collected of students' subjects and surveys funded by the Department of Education. So again, this was a very narrow law trying to protect students who often became subjects of research and other types of surveying because they're walking to a classroom and the professor wants a group of people to survey for particular research. Perfect, captive audience. So it was providing them the opportunity to opt out if certain sensitive information was collected about them. Now, moving forward, the No Child Left Behind Act amended the PPRA to provide certain protections for the K-12 set, particularly providing additional opt-outs for parents for instance if information is being collected for marketing purposes. So definitely applicable when you start introducing commercial tools into the classroom or into schools. But again, it's an opt-out so you can imagine it's starting to get difficult to manage both for schools, teachers and vendors as to how to manage opt-outs, opt-ins. Particularly imagine a teacher who wants to use a tool, historically, they didn't get everyone's consent when they wanted to use a textbook but now if they want to use an online tool that may do rich, innovative, wonderful things they might have a parent maybe block the whole thing or have disparate teaching environments for different students which may or may not be optimal. Finally, the Children's Online Protection Privacy Protection Act. COPPA governs essentially commercial vendors and it governs how these commercial entities can collect information from children under the age of 13. Essentially another consent regime in order to collect personally identifiable information from kids under the age of 13 you need to gain the consent of parents and that means a meaningful consent whether it's a signed document and there's some other mechanisms. So all good lies with a lot of purpose but difficult to manage in this space particularly with how fast-moving technology is. In addition to that, the enforcement power of the agencies doesn't reach all the parties involved in the chain of data collection. FERPA and PPRA are both administered and enforced by the Department of Education and COPPA is administered and enforced by the Federal Trade Commission. FERPA and PPRA only apply to programs and educational institutions funded by the Department of Education and COPPA only applies to for-profit institutions. So now you start thinking about non-traditional learning environments and they completely are unguided as to what they need to do which is why the best practices that Orr's mentioned earlier are so critical in this space. So what has happened since our computing entered the classroom? The gaps had been identified by numerous people including ourselves and so what has happened is flurry and when I mean flurry that's a little understated of state-level legislative action in 2015 alone is mentioned by Orr's 46 states and produced over 182 bills related to student privacy. That's this year alone. So imagine if you're a school is it the law of the vendor that applies or is it the law that applies to your school? Likewise if you're a vendor is it the law of your jurisdiction you're in California, your servers in California but you're trying to have your tool used across the country what laws apply to you? If you're a parent how on earth are you going to navigate this? You may have never read a law in your life so and then students it even gets more complicated. So what are the challenges I've already mentioned the enforcement gap. This is a challenge both for efficiency and also understanding of what laws apply when particularly as libraries, museums and other spaces are starting to take over some of the traditional educational roles this is becoming even more complicated as well because they want to use technology to help connect people provide access all very positive uses of technology. Different standards again what standard applies if one state has very low bars with respect to privacy and some have very high bars with respect to privacy what should be the default where should the law land? What are these laws based on? Is it data driven? Is it not? Is it reactionary? Jurisdiction is a huge challenge obviously this is a challenge outside of the educational space in the tech sector but it's something to be taken into consideration which is why in a minute I'll talk a little bit about what's going on at the federal level right now and the effect of innovation so there are many positive uses of technology in the classroom we talked about using Fitbit to help students learn fitness in order to curb I don't know childhood obesity or what not this all sounds really good but when health data and biometric data is being collected by a device that could be then shared with insurance company or other types of organizations you can imagine the very negative uses of this type of information so what are the norms around the information and how should law be involved in this conversation? So as I mentioned there's not only state action happening right now but in light of the confusion that's happening because of the many, many building in the state level federal legislators have also taken note and decided to either propose laws based on some of the state laws for instance so pipeline California seems to be held out as a good standard they're also proposing amendments to FERPA most of these are to both curb the use of or the collection of information for marketing purposes and also extending enforcement agencies power to apply to companies as well as schools and vice versa to kind of fill in those gaps in my opinion I think we need to think a little bit more cohesively about this in order to prevent unintended consequences both in recent hampering educational and classroom the first is if we're going to create laws create laws that anticipate unforeseen technologies as we're seeing right now we're kind of in the situation because no one anticipated cloud computing in the classroom internet of things in the classroom you know body cameras that's a new one I have a whole conversation there laws should also be scalable to enable positive uses of technology in the classroom what do I mean by this so right now there's all this friction because of the consent regime and some friction I will say is good but in other cases it can actually completely unravel very positive uses of technology for students in the classroom so how can we make laws more scalable our consent regimes are often opt out regimes which are kind of pulled from the commercial privacy regime that has developed in the United States are those appropriate in this context I would actually venture to say that maybe we should think a little bit differently about this and think about enumerating positive uses and allowing those and enabling those pretty freely and then creating friction only where friction is needed for instance commercial uses of information and also creating security standards etc. that would obviously need to evolve over time to address technological innovations and changes HIPAA's worked with that with some challenges that's in the healthcare space but I think from a security standpoint there may be some good work to be learned from and gleaned from that regime third I think there needs to be clear enforcement and remedies to be established to incentivize the creation of systems that are privacy protecting by default so what does this mean create remedies that are actually meaningful right now FERPA the remedy is withdrawal of funding from the educational institution now how many times do people think that has happened of course no one has lost their funding we need to continue teaching our students we need to continue providing tools to our students it's the wrong remedy it's almost too strong which makes it completely ineffective in addition we need to hold people accountable throughout the data collection chain that includes schools vendors and also potential and with a ton of education for students teachers and parents alike as well as administrators and finally we need to broaden the definition of educational institutions to create a regime that's consistent throughout educational environment that means include maybe think about how we might define educational institutions to include massive online classrooms to include libraries museums or other institutions so that we're thinking about providing guidance to the entities and institutions that are delivering these tools to our students with cohesive and consistent guidance to create easier pathways for compliance and protection of privacy with that I will pass it on of course something that we really focused on is convening a multi stakeholder perspective and for us that really means focusing on what teachers students and parents not only what's happening in their schools but also how they feel about it and as we've seen over the last few years technology has become increasingly ubiquitous but we're also seeing this context collapse between the educational and the whole and other various environments that learners are in so good examples of that would be bring your own device policies where devices are being used both in the home and at school or social media relationships between teachers and students or former students with their former teachers so as this one young person talks about she feels like her identity in the home and in school and among her friends is very very different and she would like to keep those things separate so she has very strong opinions about whether she would like to be friends with her teachers on Facebook or not we also hear from young people that they are concerned about college admissions officers and what they can see they're concerned about what their parents can see they are thinking about privacy a lot and it's really important to really respect what they think and also help advocate on their behalf so something we've really focused on as I mentioned is highlighting the youth voice so over the last year we've been experimenting with this week in student privacy newsletter that comes out every week and over the last month or so we've begun to experiment with using media as a platform to highlight some of these youth voices and personal essays and really think about other ways in which we can empower students and teachers to be heard by the policy makers and districts that they're involved with now bring it back to Urs talk a little bit more about what's next so my suggestion is actually we open it up here I also acknowledge that we have a few collaborators in the room who have a lot of thoughts on where things are headed from here and I was wondering Steve whether I could put you on spot since you are actually working in the business so you represent the Cambridge Public Schools system so any thoughts you want to share with us where have you life where is this head well you kind of just described my work environment and everything I deal with every day so actually I did want to show a couple so Zia had alluded to how some districts put a lot of resources into this area and a lot of time and effort and in Cambridge is one of those so last time we were here we talked about the kind of system we have in place to vet online applications and I'm really focusing on the 1.0 piece of the project the cloud apps and the data so we have a very well established process of vetting online applications that teachers are using and reaching out to every contractor and asking them to sign our standard student data contract and another piece of that is communicating this to the community to the parents to the teachers and all the stakeholders and this is a public facing website on the Cambridge Public Schools website that lists all the applications that are approved and it shows the applications their purpose what great level on content area as well as the actual contract that's in place with the vendor the actual executed contract so we're trying to be as transparent as we can with the parents and the community the next piece we want to add to this website is going to be the data elements that are actually being shared with the contractor we're just trying to decide at what level that makes sense to the parents you know grouping the data elements together with demographics and grades to see what's going on if they have a child in sixth grade and ELA these are the applications being used this is the data that's being exchanged and here's the contract language that's protecting that data so you know this has been in development over years in Cambridge and last spring when I presented I talked about how we just begin to share this with Boston so Boston agreed to use the same contract as Cambridge so we could say the vendors if you wanted to use the same contract and then this past summer that worked very well we said why not open it up to all schools in the state and so we created just as a grassroots effort Massachusetts Student Privacy Alliance and invited any schools in Massachusetts that wanted to use the same contract to join and just voluntarily say we're going to use the same contract so any vendors that you're going to engage with they'll send out the same contract and what we end up with is if you click on any of these schools you'll see the same kind of list that you saw for Cambridge of what applications they're using as well as you can search the database by application and see what school districts are using those applications as well as those that have declined to sign the contract so and this is just starting they don't have things in there yet but they've all agreed to do it it's really just a few months old we see this as kind of a snowballing effect because as the vendor signs the contract with Cambridge they have now done away with that whole negotiating process for all the other districts and Massachusetts that have signed on to the MSPA because that that piece of negotiating the contract with the vendor is a huge time resource and I can't tell you whether it's a small vendor or a large vendor whether they're going to sign it right away and bring it back or you can end up negotiating for six to eight months around the contract so the more we can educate vendors and schools and come through agreement and common terms around those contracts the quicker that turnaround will be and we'll get in the way of the innovation in the classroom and then just lastly what's coming now as we move forward was previously the SIF Association has agreed to kind of take that same model and expand it across the country for those of you not familiar with SIF Association it's a nonprofit that enabled school interoperability framework so it's a consortium of schools and vendors it's in US, UK and Australia and this would seem to be a perfect fit for them to take the MSPA model and extrapolate it across multiple jurisdictions in other states so the first two states have agreed to kind of take this on or Virginia, Wisconsin and Maine hopefully will expand that MSPA model Thank you so much for this very helpful update and also for the great leadership role you're playing you mentioned transparency as kind of one possible approach and I was wondering Kate from ACLU you just produced a report in which transparency also kind of ranks among the tools in the toolbox how far does transparency go and how much additional law do we need or what are other ways to deal with this hard problem as we are in this transition Yeah, so can I pull up the is this on? Virginia Can you hear me? Yeah, yeah I'm going to this so my name is Kate I work with the ACLU of Massachusetts and we just recently put out a report about the state of student privacy here in Toronto and because the beautiful tool that we were just showing by the way from January to not get this when we started looking into this we had to go through the long arduous and frustrating process of filing public records with a variety of school districts of the state 35 school districts asking for all sorts of information predominantly though we were interested in examining the contracts between school systems and student information system companies and then also we were interested in looking at what kinds of frankly malware is installed on the devices that schools provide to students to use both in school and take home essentially we found what we were afraid of finding in some cases which is that there's really a patchwork across the state of policy that is not at all consistent we actually one thing that's really exciting to me about the Massachusetts Student Privacy Alliance project is that we found through examining this very long process of reading thousands of documents we found that school systems that wrote the contract that drafted the contracts the school systems and corporations providing third party services generally provided more privacy protections than schools that simply signed whatever the company drafted contract said and so you know we recognize after discovering this that some school systems like Cambridge and Boston are probably better equipped to have general counsel who maybe has more experience dealing with these things than really small districts that essentially end up screwing their kids over time or whatever to really go through the process from the ground up themselves so this is great I think that what you guys have done probably is going to go a long way towards addressing that problem that we discovered we also though discovered that generally school systems are not doing a great job communicating with parents about three critical things one is what kind of information they're collecting about their kids who that information is shared with under what circumstances what kinds of information parents can ask to opt out of the collection of or sharing of and how that process works so it should be very clear to parents that you can know that the MSPA website is great we would love also to see very clear instructions at the beginning of the school year given to all parents that lay out in simple terms not a long contract or in terms of service agreement that's very complicated to read and most people probably frankly don't read but that simply lays out this is the kind of information we're collecting about your kid this is who we intend to share it with this is why and this is how you can opt out of certain kinds of disclosures we really want to see that implemented across the board and it's not the case today the last thing I'll say is that like we feared there a lot of schools in the state are using key loggers and filtering filtering technologies that don't only keep track of you know websites that are banned that students try to visit but all web traffic in a school system or even on a computer that or a tablet that students are encouraged to take home and essentially use it it's their own on this kind of internet tracking we find to be totally repugnant unnecessary on the same sort of tack almost across the board in Massachusetts school acceptable but absolutely no privacy protections for students and basically said students have no right to privacy on the device or on the internet we can search anything at will for no reason at all and we have a really serious problem with that there's a Supreme Court case from the 1980s called New Jersey VTLO which is a little problematic because we think it sort of reduced the standard of searches in schools from probable cause to reasonable suspicion but nonetheless held in that case I believe it was 1985 that students have a right to privacy in their backpacks and notebooks that school administrators cannot simply rifle through a kids notebook without any reason to suspect that they have violated the school policy unfortunately that's not the case in Massachusetts today when it comes to devices that obviously as the Supreme Court held in this past session in Riley and Murray hold much more information than a notebook so our view is that schools should implement policies written policies that say that administrators and teachers will not search either through a student's internet history or their communications or their device without at least bare minimum reasonable suspicion that a student has violated school policy so what we're looking for now is for Massachusetts to join the dozens of states as you guys have said that have passed modern privacy legislation and we're what I take away from your description is student privacy is a shared responsibility and there are many players who have to be part of the solution you also highlight and enforce the role of the waiters and the best candidate for it we're very fortunate actually to have Anna Lillian with Microsoft who has been a physicist and supporter of our student privacy issue and I was wondering if I could put you in the spot so obviously Microsoft has been a leading voice in the debate about student privacy but more broadly what's the role of the industry and where do you see things here as we go into this kind of connected world yeah, thanks for it it's a pleasure to be here the thing that's so interesting to me since you first started this research is how much the kind of conversation has changed so when you first started looking at this there was quite a divide about student privacy and what information collected should anybody really be worrying about what companies are doing and they're really now in the tech industry at least is kind of a consensus that shouldn't be advertising to students when they're doing their work and even more there's a consensus that you shouldn't be profiling what students are doing I understand that because of the ACLU that big schools are doing it but I think companies now tech companies are coming to view that yeah that really isn't appropriate and we shouldn't be doing that either so that's really a big step forward I think that we've gotten that far and I think the other thing is there's a consensus around the ed tech world that they shouldn't be immune from the rules that apply to schools so FERPA like the ed tech world as well and then finally I think there is an emerging consensus that we've got to figure out what it means to use student data to help them learn and you know there's all this potential about innovative learning and individualized learning profiles we've got to figure out what the lines are and what you can do with that and how it can really go forward so I take that you know these folks are on the forefront addressing questions that really were important and we've seen the world kind of real baseline things we have to work on there's a lot more that has to be done but you know from our perspective it's really very gratifying to see our industry coming to a point where we agree on those fundamental Thank you and Mary also for this slightly more optimistic which is encouraging and it's amazing as well so thank you all for chiming in and sketching from different perspectives the state of student privacy we'd like to open up for a few questions we have a few more minutes are there alternative viewpoints that haven't been presented here do we have students in the room? students do we have a spot over the past? I'm in the past for that sorry I'm not a student either but my question is is there any consensus about who owns this data please this is my personal opinion I think when we start talking about ownership of data we really are having the wrong conversation I think it's about custodianship in the US intellectual property rights which is what usually people think about with ownership do not apply the data and I think it should be the true custodian should be the individual the data is about and then it's about who as a custodian that has access to that data responds to the agency that's being handed to them by the individual so I personally try to veer away from ownership because I think it starts getting into commercial conversations which are ill equipped to address the privacy concerns in the space the other we want to comment on this that's okay we can take another question I appreciate it Dorothy if I could this is not my field so I'm coming from outside I work mostly with college age students I'm very interested again on how intimacy is achieved at college age with everything that's now out there but listening to you people I was truly chilled because I had this kind of running sense of New Yorker cartoons of what could happen with what is undoubtedly a profound change in education in a relationship among the parents the child the teacher and the administration and one of the cartoons I was imagining was the teacher says to this kid you do that once more and you're going to the principal's office so the kid looks at his body equipment says to his mother what should I do your mother's listening and the mother says tell the teacher you've got to get your lawyer before you go and the profound sense of the profound trust between a youngster and a teacher is clearly being changed so it's more like industry I pay for this I'm entitled to this and this is what it should be but I want to direct everyone's attention if you're interested in this field Stanley Hoffman was one of the great professors at Harvard for almost 50 years and his memorial was this week former students of long time distinguished professor at MIT gave a talk on what it is to establish eye contact with the professor and comparative with books and what she would have missed was individual but she had never had stand these odds and I've been thinking about it ever since for those of us of generations where everything is what did the teacher say to you he said to the teacher and I just hope we can keep that model in mind because everything that people serve is both exciting and chilling and how do we maintain both the strength of this education system and others if I may briefly I would say that I think one of the ways we do it is to draw on a point Dahlia made earlier that we start enumerating positive acceptable uses of data and we start also delineating unacceptable or negative uses and I think through those kinds of conversations not necessarily in law and regulation but in terms of at the school level at the district level at the community level we start coming up with shared norms and best practices that preserve space for mentoring for epiphany right we don't want data analytics in the learning space to get so predictive that somebody doesn't try picking up the trumpet because the program to tell them and also to make mistakes and learn from them I think those are some of the hallmarks of education that we need to try to protect from a values-based perspective through shared conversations to come to that kind of agreement Thank you Dorothy and we have one question here Hi my name is Neal and I just graduated from HKS up the street so my question is I'm wondering if there's any consensus emerging around standards to anonymize student level data and I ask because often times if you look up data on a state's website you'll find it aggregated and that takes a lot of the value out of it so for example if you have student level data on performance on individual standards you could districts could really do things like allocating resources more flexibly like coaches or tutoring that's just one example so just wondering about that the tricky basis of identification so legally I mean this goes to who has access to the information and for what purpose so legally under FERPA a school may have access to the data in a completely identified way because they have to administer education to their students etc there's also in the presently existing laws requirements to de-identify etc with a certain type of sharing unless you gain actual consent the parents are the student if they're over the age of 18 sorry about that so I think the constructs are already there to allow for schools use of information for the purpose of educating their students but also what are the rules with respect to ancillary uses of that information that do actually require de-identification and divorcing the student and when we're talking about research that's what the PPA is intended to address as well and I think thinking about how to create how to merge together the various regimes the IRB laws and the research laws to help facilitate robust research but also protect people's privacy which is critically important when you're really thinking about ways where very positive research could have very detrimental effects if that information got into the wrong hands so thank you and the story of course gets more complicated in environments where you have the risk of re-identification of data anyway but you have a question I guess Thank you so much my name is Devin Chaffee and I'm the executive director of the ACLU in New Hampshire which is one of those states that has in fact adopted several student data privacy laws in recent years and I actually want to recognize that Microsoft actually played an incredibly positive role in shaping the online student data build that past I wanted to bring the discussion back for a minute to the quote that Paulina very briefly please Yes, yes just about the right of students to have a private life outside of school not subject to school surveillance because the quote of the 14-year-old that you provided was really not talking about her concern with what the school is doing with the data that they are collecting at the school but about the student's ability to have a private online life and so we have adopted laws in New Hampshire to try to prevent that from happening to prevent say schools from asking students for their online IDs and passwords but I was wondering to what extent has your project looked into that issue Paulina, do you want to answer this and then also close the session I have you know there's so many different aspects of student privacy to address that's one area in depth in Cade might actually have more information about that in terms of the school districts in Massachusetts one thing that we have found though in talking to young people is that many of them are as I mentioned very concerned about privacy and many of them have told us that they don't put things on the internet that they wouldn't want other people to find out ever and so one of the concerns that I have is about where they can express themselves online so that's an area that you know we would love to continue to study and thank you so much for coming if you have any other questions or concerns our email addresses are on this last slide we are continuing to you know have these conversations around student privacy and around some of these other really critical issues in these new learning environments and we would love to chat thank you you