I have had an interesting week at work. On Tuesday I met the newest Federal Trade Commissioner, Terrell McSweeny. Responding to a tweet she made about student privacy, I wrote her. Thank heavens our democracy still does exist, she offered an invitation to talk. Very grateful for the opportunity, I used the time to share with her my concerns about student privacy in general and FERPA in particular in light of some unregulated practices in education enterprise cloud computing.
Contemplating the discussion, I reflected on the historical development of the F.C.C. proposal for “net neutrality” as an analogy. Ten years ago, under Commissioner Powell, the F.C.C. created “principles” about the Internet. Drafted in the context of the categorization of the Internet as an “information” service, rather than the more regulated “common carrier” status of telephony, these principles were in support of U.S. Internet policy to let a thousand flowers bloom for this new technology. When some weeds cropped up in the soil of our free market -- I.S.P.s “discriminating” content via bandwidth shaping and content allotment -- “free Internet” advocates called upon the F.C.C. to act. Taking some of these actors to court, Comcast and Verizon, the F.C.C. discovered an authority conundrum in its defeat. This year the F.C.C. has raised some of those principles, net neutrality in particular, to the level of a rule made through administrative legal process to give the agency authority to act. We all await the outcome of that process.
Loosely compared, the F.T.C. may be at a similar place where the F.C.C. was ten years ago. Persistent challenges exist in cloud computing for the education sector to protect student privacy and comply with FERPA while still taking advantage of the opportunities for effectiveness and efficiencies that cloud computing offers. Market dominance of Google in particular, its contracts by URL and picking school districts and colleges and universities off one by one with non-disclosure agreements, its circular reasoning in policies about not displaying “ads” in order to data mine for the furtherance of its own profitable business practices places the education community, as well as libraries and government, in a compromised position from which it cannot rely on the market alone to get out. In addition to the grossly unfair bargaining power, the smoke and mirrors of technological and business practices that to most people are translucent at best, it has silenced the CIO community which fear for their own jobs to raise say much about it. In short, technology and the market have outstripped the law and social norms about privacy with the not-for-profit sector in the bull’s eye of the target.
As an American historian, I recognize such circumstances as precisely those that require a more active role on the part of government to correct. Therefore, it was with three “principles” I went into the Commissioner’s office: (1) transparency; (2) action on unfair and deceptive trade practices; and (3) informed consent.
Under the first category, the public overall as consumers, but critically the education sector, must not be deprived from the basic information about technological operations and the relationship of those operations to the vendor’s business model. Because the sophistication of the technology is such that it cannot be understood without an educated eye into its processes, oversight is also required. The National Academy of Engineers, for example, could offer relatively objective review without violating “intellectual property” rights such as patents to provide the requisite understanding of the technology as to allow experts from other fields, business and legal scholars for example, to comment on the relationship between technology and business.
Unfair and deceptive trade practices are the natural province of the Federal Trade Commission. Whether or not there have been violations might be cause to convene a study on this subject. Not only would such an action be within the F.T.C.’s wheelhouse, subpoena power lies within it. Given the revelation about Google’s data mining and profiling for business purposes in Apps for Education service that emerged as an incidental in the Gmail discovery process, it is critical to that the government exercise its rights in this area that remain unavailable to school districts, colleges and universities. Protecting those without the power to protect themselves is in large part what the F.T.C. and other governmental regulatory agencies is for. Let’s use it.
Finally, informed consent should become the foundational principle of how consumers get out of shrink-wrap and click through licenses. A subject worth far more than a blog post, suffice it to say that current methods of consent fall well beneath the level of understanding and agreement that is implied in the term itself. But allow me to dig a little deeper into the complexity of this challenge specific to enterprise contracts. The tool bar in Google Aps for Education is a good example. Along side the apps included in an enterprise contract, such as mail or docs, sits ones that are not, such as YouTube or the Blogger. Try explaining that distinction to the parents of a grammar school child or to the student. You can go here and here and here, but you can’t go there and there and there if you want to protect your privacy or that of your education records … Forget it! For children below the age of 13, in other words elementary and middle school, the law should require Google or any other vendor that uses this trick to remove consumer apps from the tool bar of an enterprise product. For students in high school or college, notice should occur when moving from the enterprise to consumer app. How hard can it be at this stage of user interfaces to create a drop down box that states in plain English the switch with an “OK” button to click?
So let’s review: the education community – which may come to represent consumers in general – requires principles of transparency, action on deceptive and unfair trade practices and meaningful informed consent from Internet companies that offer “free” services, especially in enterprise contracts.
By the end of the week I was at the Charleston Library Conference. I had the honor to speak about these issues before an audience of people who have given their lives to the preservation of learning and knowledge. And in the course of our discussion we reminded each other of why we cared. Privacy is a prerequisite to the kind of personal autonomy necessary to be a critical thinker and thus is the ground upon which we construct the intellectual tools to discharge the responsibilities we bear in citizenship. Echoing our founding parents in a town renown for both the Revolutionary and Civil Wars, blood that they shed for such principles, made the significance of my work week all the more poignant.
Read more by
Opinions on Inside Higher Ed
Inside Higher Ed’s Blog U
What Others Are Reading