FunnyMonkey Blog

Bill Fitzgerald | March 25, 2015

Over the last few years, we have been looking at ways in which privacy policies and data stewardship can be improved. Over that time, one of the issues we have encountered repeatedly is that it is difficult to track how and why policies change over time. This lack of transparency hurts people who want to learn about privacy, and how an application treats student data. It also hurts companies - these decisions should be part of organizational culture, and losing them means losing an opportunity to see how a company has evolved and improved over time.

These issues are addressed via a small, simple change: placing terms of service, privacy policies, and other related policy docs on GitHub. Over on the Clever blog, Mohit Gupta has a great blog post describing how...

Bill Fitzgerald | March 23, 2015

In the recent days, people have attempted to justify doxxing. Ironically, a person was doxxed in the name of student privacy. I didn't think that it would be necessary - in the education space - to have a conversation about why doxxing is a very bad idea, but here we are.

I left the text below as a comment but I wanted to post this here as well so I have a copy.

If you are in the education world, or the technology world, please speak up on this issue.

From the comment:

I noticed in reading through this most recent post that you omitted this pretty thorough debunking of both the doxxing angle, and the actual conflict of interest that has been used to justify the doxxing: http...

Bill Fitzgerald | March 14, 2015

As part of their work on PARCC, Pearson appears to be monitoring social media accounts for mention of the test. This monitoring appears to make no distinctions between student accounts, teacher accounts, or anyone else.

This recently came to light when an email from a school superintendent in New Jersey was shared publicly. I'm including a version of the email in this post for context. However, unlike many other places where this was shared, I am removing the sender's name and contact info. In this post, we'll also address some of the issues around how this story came out.

Superintendent email - cellphone pic of printed text

From the above email, it sounds like something like this happened:


Bill Fitzgerald | March 6, 2015

Clever recently updated their privacy terms, and their method and process provides a good example for other companies to replicate.

First, they checked their privacy policy and terms of service into Github. This is a simple step that any edtech company can do. By having terms checked into git, we automatically get an annotated changelog of how terms evolve. This log is a great step toward increased transparency. All companies are using some form...

Bill Fitzgerald | March 5, 2015

Microsoft, Google, and Apple all maintain app stores with sections dedicated to education.

Unfortunately, within the EdTech space, many vendors lag behind broader industry standards around security - including basic things like encrypting connections and logins via SSL.

If Microsoft, Apple, and Google all started...

Bill Fitzgerald | February 25, 2015

The Civil Rights Project has an updated report on rates of suspension in schools that came out on February 23rd. The report has some great details that show the scope of the issues facing us as we attempt to dismantle the school to prison pipeline.

But as I read about disproportionate rates of suspension based on race, I also think about the increased use of School Resource Officers, which place a beat cop in many schools. This results in school discipline issues becoming criminal justice issues.

This all takes place against the backdrop of the growing pushback against Common Core aligned assessments. Getting into the full scope of these arguments is not the focus of this piece,...

Bill Fitzgerald | February 23, 2015

Privacy Policies and Terms of Service specify the rules under which an application can be used. They cover a lot of ground, and in this post, we are going to leave a lot out and focus on one specific element of the policies: how data collected by an application gets handled if the structure of the company changes.

In earlier posts, we have described how data collection within education is different than in consumer technology. In general terms, educational applications will require data to support a learner, and collect data about that learner as they work. The context within which that data is collected is pretty focused: it supports a learning process as defined by the software. In theory, the learner gets a benefit, and the data trail documents the process by which the learner earned the benefit.

If a company is sold, merges with another company, or goes out of business, the context within which data...

Bill Fitzgerald | February 18, 2015

I'm not one to bury the lede, so here's the question:

If you are a company that markets a product to learners, parents, teachers, schools, or districts, how does claiming the right to sell user data in case of bankruptcy improve your product?

Here's a related question for learners, parents, teachers, school decision makers, and district decision makers:

If you are using a service, how does the sale of your personal information improve the learning or experience you get from that service?

Many services and software applications marketed as education technology really function more as data collection tools with an interactive front end. One key distinguishing feature between a data collection tool and an actual edtech app is how the company pledges to treat your data. Privacy policies and terms of service provide the clearest view into the rights a company claims over your learning experience.

Bill Fitzgerald | February 12, 2015

Natasha Singer has a couple of very strong articles highlighting weak or nonexistent security practices within many education technology (or EdTech) companies.

It's hard to say if this is just a poorly kept secret or the elephant in the room, but it's good to see the lax practices of EdTech companies getting more mainstream attention. It's needed - it's been needed for a while - and Singer's articles are part of the solution.

As I'm writing this, people are talking in Congress about the need for improved legislation to protect student privacy. And they are right, and I...

Bill Fitzgerald | February 7, 2015

The opt out movement is gaining steam. However, current opt out efforts often overlook or gloss over one essential element in the current educational landscape: disaggregated data at the school and district level.

The widespread use of disaggregated data was part of No Child Left Behind. The use of disaggregated data at the school level meant that schools now reported information on different populations within them. Rather than report just a schoolwide average, schools reported on specific populations, based on race and socioeconomic status. This brought increased focus - and in many cases, new focus - on how schools supported or didn't support different populations. The use of disaggregated data provided a starting point for discussing longstanding and long-ignored achievement gaps.

And, while you won't find many people arguing...


Subscribe to FunnyMonkey Blog