6 min read
NOTE: An earlier version of this post included language from a draft version of a NY Assembly bill. Thanks to Paige Kowalski for pointing this out. END NOTE
Earlier this week, New York State pulled out of inBloom. While this has been hailed by some as a victory for privacy, it's worth noting that the data points that are collected - and have been collected for the last several years - haven't changed. The federal accountability requirements driving much of the data collection that currently occurs haven't changed. In New York, the withdrawal from inBloom means that districts are right back where they started: managing data collection and accountability reporting on their own. And it's worth noting here that all of the student data that was going to be stored in inBloom is already collected and stored in a statewide data repository, and that none of these conversations address data collection taking place via other apps and services.
Districts deserve the ability to control where their data is stored, what tools are used to store and manage it, and where the servers containing that data are located. While many districts do not appear to be doing a particularly effective job of exercising this control at present, that doesn't mean that districts should just cede this responsibility outright. New York's approach to the inBloom rollout was top down and paternalistic. inBloom, for it's part, failed to respond to and counter the narrative that the entire purpose of inBloom was to collect as much data as possible, and then sell that data to marketers, advertisers, and other corporate ne'er do wells.
New York State backing out of inBloom is less a victory for actual privacy than it is a change in software procurement. As discussed above, the data collected by schools has not changed, and the fact that it is stored in a single statewide source has not changed. The software used to store it, however has changed. It's comparable to a district banning the use of Microsoft Word - it doesn't mean that people won't create text documents; they'll just use different software to do their work.
The majority of the coverage - and most of the ongoing discussions about data collection and privacy - ignores the reality that data collection and management is a zero sum game. There are a limited number of vendors that can manage state and district level data storage, so not using one option means choosing another. As noted earlier in the post, New York State's decision to pull out of inBloom isn't a shift in data collection policy, it's a shift in what software and tools are provided to districts. As they have done in the past, districts are now outsourcing data storage to vendors, or maintaining solutions in-house. In New York, removing inBloom at the state level creates opportunities for the existing players - Pearson, eScholar, Infinite Campus, Agilx, Clever, etc - to sell directly to districts and regional educational agencies. So, the push to move away from inBloom to keep student data out of the hands of vendors creates opportunities for student data to flow directly to other vendors. Outsourcing data handling to vendors also requires adequate contracts to safeguard data, which many districts fail to do. And, even if districts get the contracting right, and/or maintain their own service, data compromises are, unfortunately, commonplace - as of March 27, 2014, over 725 data breaches have been reported in K12 and Higher Ed since April, 2005. Many of these breaches have occurred because of human error or interference, not because of hacking.
To be clear: the approach inBloom and New York took was incredibly flawed. But, unlike every other option that exists, inBloom provides an open source option that could have been adopted independently by districts, or regional service providers, or state educational agencies. It's possible to use inBloom - the software - without interacting with inBloom, the organization. inBloom provided a real alternative that could be used to break the dependency on vendors managing and storing student data. The fact that so few people understand the implications of this is probably the single biggest failure of inBloom, the organization.
Looking at this nationally, New York pulling out of inBloom is only good news for the other players in the space. inBloom had the potential to shift the dynamic in how states and districts managed their data. If inBloom had focused on supporting states and districts setting up their own hardware - rather than setting up a hosted solution where inBloom managed the servers - we might be having a different conversation now. However, with New York out of the picture, inBloom is pretty heavily tarnished, which helps the pre-existing players continue to expand their control over the market. One of the major concerns cited about using inBloom was that it would allow student data to be used to develop adaptive learning. However, if a student is using an electronic text from a textbook publisher, this is likely already happening. Pearson's partnership with Knewton shows exactly what this looks like. The move away from inBloom is a move to "protect" students from what is already happening.
But really, all of this is misguided. The lens of "privacy" is at least partially broken, as it relegates students to an observed object in system where they have limited input. Our considerations of privacy will remain divorced from learning (remember learning? It's why we do this whole school thing) until we recognize and acknowledge that students (or their parents) need to be the ones to control and reflect on any information that is collected about learning. Now, the emphasis is on building systems that collect data on students, to push content at them. We're not seeing much work on systems that empower students to reflect on their learning over time, and selectively share that information. Our data collection policies and habits reflect the reality that our educational system is more outcome-centered than student-centered. If we corrected this misplaced emphasis, we could do a better job educating all children, and improve privacy concerns along the way.