By Julianne Malveaux
As the FBI battles with Apple about privacy protection and the need for the technology company to break down computer firewalls, I wonder who will, exactly, be protected, when technology companies go fishing to find protected information from their users. It is not so much that those who use troll cyberspace through their tablets and telephones, but that it makes sense to understand how much information is available. In other words, that which is perceived as private isn’t always private. Who has privacy protection?
I am especially concerned that students are vulnerable to data breaches, and that hackers are able to invade university spaces. Young people, who have not yet had the opportunity to establish a credit identity, are at risk when hackers get into databases that provide social security numbers, and other protected information. While legislation attempts to protect those whose privacy is violated, enforcement is too often challenging. Tens of thousands of students have their identities at risk, and they have little protection from hackers.
On February 4, 2016, the University of Florida announced that “as many as 63,000 current and former students and staff had their names and social security numbers compromised.” The school has taken steps to inform those who were affected by the breach, including mailing letters and launching both a website and a call center. That’s an adequate first step. Even after the immediate concerns have been addressed in the wake of this latest hacking incident, underlying issues surrounding student privacy remain.
In 2015 alone, 182 bills in 46 states were introduced to protect student privacy. Many of these efforts are focused on what happens within public schools, funded by taxpayer dollars, and rightfully so. As a former university president, I’m all too familiar with many of these issues, even as new ones emerge every day. Too many students find their identities compromised because of hacking. Too many spend dozens of hours (if not more) attempting to protect themselves from hackers. Identity theft is a real problem, and too many of the solutions require people to spend more time than they have forging solutions.
Technology both enables us and shackles us. Our educational system is enhanced by the software that is becoming more deeply embedded in our education system on a daily basis. At the same time, this software may provide an extraordinary access to student data. How do we balance privacy concerns with access to data? One advocacy group found that “school-issued Google Chrome books upload private student data to the cloud by default, including web history. Chrome books also track students on school-assigned accounts when they navigate to Google-owned services that aren’t segregated as ‘educational’ (non-‘educational’ products include Google Maps, Google Books, and YouTube).”
Student privacy protections are also important for after school programs. Largely unreported on by the media, the student test preparation company The Princeton Review was purchased last year by The Match Group, an online dating umbrella company that owns the hookup app Tinder, as well as Match.com, OkCupid and dozens of other online dating websites. Online dating sites are notorious for their failure to protect user data – according to the Electronic Frontier Foundation, “Your profile is indexed by Google. While this isn’t the case for every online dating site, OkCupid profiles are public by default and indexed by Google. … Even something as small as a unique turn of phrase could show up in search results and bring casual visitors to your page. … last October researcher Jonathan Mayer discovered that OkCupid was actually leaking personal data to some of its marketing partners.”
Do our students have any privacy as they troll the Internet, visit dating sites, and offer more information than they want others to know? As we have conversations about privacy, have we focused on the young person who is most vulnerable to a pernicious information sharing that puts young people at risk? A loose patchwork of regulations exists to protect student privacy in the United States, and little oversight of private company interactions exists at either the state or federal levels. This is especially true of data sharing between first parties, as both Tinder and Princeton Review are designated under their joint ownership. Rules have been proposed in the past that would “prevent separate businesses owned by the same company from both being considered ‘first parties’ and thus being able to freely share information with each other,” but little has actually been done.
Conversations about privacy do not often, unfortunately, focus on students and their special vulnerability. Yet, as we grapple with technology challenges, students are among those who will require special attention. From capital buildings to courtrooms to classrooms, privacy issues are going to loom large in this modern age of technology. Even as we enable students to use technology to enhance their possibilities, so must we also encourage them to use technology to manage their future options?
Legislators have focused on privacy issues, but they have been remiss when they have refused to deal with the privacy rights that students have. Too many data companies have too much access to student data. Too many who are concerned with justice issues must raise legitimate questions about the rights of our students, especially minors who can be more easily targeted in data mining operations. While there are appropriate conversations about privacy rights for adults, there must also be conversations about the privacy needs of young people and students. Cyberspace isn’t always the safest space. If the law will protect the privacy of adults, it must do so much more to protect the privacy of minors.