New York

State’s inBloom data-sharing plan under City Council scrutiny

An embattled data-sharing project that state education officials have repeatedly endorsed is on the hot seat today by local lawmakers.

City Council members on the Education Committee want to know more about the plan and how student data will be shared with third-party vendors. Specifically, the committee is reviewing a legislative proposal that would regulate the way that districts can share certain information about students. 

It comes as the state is poised to usher in a new era of how student data is used to inform decisions about classroom instruction. As part of its participation in Race to the Top, the New York State Education Department is using a $100 million database called inBloom that was developed and funded in part by the Gate Foundation. The database was designed to eliminate the data management barriers that face under-resourced districts and schools. 

But there are concerns about how that data will be shared, specifically when it comes to some of the education technology vendors that could contract with districts. Five states that were originally signed onto the project have withdrawn from it.

It briefly became an issue in the mayoral election, and Democratic mayoral nominee Bill de Blasio has said he backs efforts to prohibit data sharing without parental consent. 

State education officials vehemently object to the legislative efforts, which would either require parents to opt into the data-sharing or require schools to give parents the change to opt out. They have argued it would disrupt the way schools work with third-party vendors in many other ways, including transportation, school lunch and attendance. 

Comptroller John Liu, a former mayoral candidate, is among the opponents testifying today in opposition of the inBloom database. His testimony is below: 

Thank you Chairman Jackson and members of the Education Committee for holding this important hearing on protecting the privacy of New York City public school students. I submit this testimony in strong support of proposed New York State Legislation, A.6059-A/S.5932, and in strong support of City Council Resolution No. 1768-2013.  

A growing number of New Yorkers are deeply concerned about the New York State Education Department’s (NYSED) and the City Department of Education’s (DOE) decision to release personally identifiable student and teacher data without parental consent to inBloom Inc., a corporation funded by the Bill and Melinda Gates Foundation. I share these concerns as both a New York City public school parent and as comptroller.

The initial service agreement between inBloom and the NYSED involved no fee for service or any costs at all and therefore bypasses State and City Comptroller review and registration—though now we have been told that starting in 2015, the State and/or the City will have to pay a per student fee for inBloom’s services. The troubling lack of transparency with regard to what seems to be unprecedented disclosure of personally identifiable information raises grave concerns about the risks, safeguards, liability, and the long-term financial planning associated with this agreement.

Last May, I submitted a letter to NYSED Commissioner King and the Board of Regents urging them to withdraw New York State from this project, but the State is moving ahead with its plan. As of one of nine states to participate in the inBloom project, New York State students are guinea pigs for an operation that is driven as much by profit potential as it is for any educational benefit. Louisiana, Kentucky, Georgia, North Carolina, and Delaware have all since withdrawn from the project due to privacy concerns, and there are strong indications that others will follow suit. Just last week, Jefferson County in Colorado, that state’s one pilot district, agreed to allow parents the right to opt-out of having their children’s data shared with inBloom.

While it appears that the NYSED and inBloom have satisfied the bare minimum legal standard of the Family Education Rights and Privacy Act (FERPA), I am deeply disappointed that the NYSED has not chosen to adhere to a higher standard of protection for the personally identifiable information of the people it is meant to serve. By inBloom’s own admission, it “cannot guarantee the security of the information stored in inBloom or that the information will not be intercepted when it is being transmitted.” Additionally, save for an immaterial $1,000,000 to $5,000,000 that inBloom will set aside, the State and City have accepted near total liability. In the agreement, inBloom and its third-party partners (whoever they may be) reject just about any liability.

Despite the fact that the goal of this project is for inBloom to create a “data store” where third-party providers will use student data to develop products, NYSED and inBloom officials have stated that there is no necessity for parental consent.  In fact, the state has already uploaded or is in the process of uploading personal data from all the public school students in the state, even though hundreds of parents have asked to opt out. 

NYSED is also requiring that nearly every school district, including NYC, sign up with one of three companies that will produce “data dashboards” that will be populated with personal data from the inBloom cloud. A few districts that refused Race to the Top funds are exempted from signing contracts with these companies, but their student data is being shared with inBloom anyway. Why must districts that do not want to participate still be required to upload the data? Moreover, starting in 2015, districts will have to pay fees for the use of these dashboards, in addition to the fees charged by inBloom. NYSED is also encouraging districts to share even more personal student information and sign up for even more software tools from vendors who will be provided with this data, through the inBloom cloud, all without parental consent.

Indeed, NYSED has told districts that there is no necessity to allow opt-out or seek consent before student data is shared with any vendor, but they have not absolutely barred districts from doing so. Sadly, the City DOE has chosen not to allow either parental opt-out or consent. All this is being done despite the fact that, the “educational benefits” of these dashboards and the other software tools that inBloom is supposed to facilitate are entirely theoretical. We’ve seen this before. In 2007, the DOE announced that the data-management portal ARIS would “revolutionize” the school system, but a 2012 audit by my office demonstrated that the system is rarely if ever used and appears on the brink of becoming obsolete.

As for inBloom, even with the potential of “educational benefits,” the “data store” would have a more immediate, commercial benefit for third-party, for-profit providers. Others concerned with this plan have adroitly pointed out that in light of the heavily commercial elements of the agreement, inBloom and the NYSED have failed to conform to child protection standards for Personally Identifiable Information set forth by the Federal Trade Commission. This is worthy of a deeper look. All of this is to say that the NYSED’s legal argument could put the State and City in risk of serious liability.

Also disconcerting is the fact that the service agreement clearly states that inBloom “cannot guarantee the security of the information stored in inBloom or that the information will not be intercepted when it is being transmitted.” The agreement further states that inBloom will take all “reasonable and appropriate measures” to protect the data. This is hardly reassuring language,especially when breaches of security and loss of privacy happen with increasing regularity even in the most secure domains.

Currently, inBloom is a lean operation and has sub-contracted with Wireless Generation (now Amplify) to help with the management and protection of the data. Wireless Generation/Amplify will or currently has access to student and teacher personally identifiable information without having to obtain informed consent. Wireless Generation/Amplify’s parent company, News Corporation, is in the midst of several high-profile criminal trials in the UK for egregious privacy violations and seems likely to undergo a full-scale US Senate investigation once those trials are finished. This raises further questions about the integrity of the inBloom agreement.

Additionally, settlements and liability claims for data breach are on the rise. A recent report about data security threats in the health sector finds that settlements have the potential to reach $7 billion annually. Many data breaches are not typically malicious or criminal in nature and are often accidental—lost computers, employee error, etc. The simple reality is that technologies that promise greater productivity and convenience especially through the use of file-sharing applications and cloud-based services are extremely difficult to secure. As you know, these are the exact services that inBloom and its third-party party affiliates are promising to New York.

Another concern has to do with the long-term financial plan for inBloom. As stated, inBloom intends to be financially independent from the Gates Foundation by 2016. Right now, it seems the Gates imprimatur is the glue that holds this agreement together, but what happens when Gates is no longer involved? How does inBloom guarantee that it will be sustainable and financially solvent—especially as most of the states that originally planned to participate have now pulled out of any data-sharing agreement?

People ought to have confidence in the State’s and City’s ability to effectively safeguard personal information, yet there is a troubling lack of transparency in what seems to be an unprecedented disclosure of personally identifiable information. I would like to reiterate what I asked the NYSED and the Regents to do last May:

1.      Hold public hearings throughout the State to explain why this agreement should be pursued, answer questions, obtain informed comment, and gauge public reaction;

2.      Notify all parents of the data disclosure and provide them with a right to consent;

3.      Define what rights families or individuals will have to obtain relief if harmed by breach, improper use, or release of their private information, including how claims can be made;

4.      Ensure that the privacy interests of public school children and their families are put above the commercial interests of inBloom, Wireless Generation, and all other third-party affiliates.

I would like to add to this list my support for the legislation being considered by the State, A.6059-A/S.5932, that would block re-disclosures with any third-parties, without parental consent, and would require vendors to indemnify the City and State for any breaches of data. Finally, in today’s technological age, people regularly broadcast personal information on social networking sites and provide information to internet vendors, but they do so willingly. No one wants to learn that their personal information, and especially their child’s, has been handed over to an anonymous marketplace without their prior knowledge or consent.

Thank you.


What's Your Education Story?

As the 2018 school year begins, join us for storytelling from Indianapolis educators

PHOTO: Dylan Peers McCoy/Chalkbeat
Sarah TeKolste, right, and Lori Jenkins at a Teacher Story Slam, in April.

In partnership with Teachers Lounge Indy, Chalkbeat is hosting another teacher story slam this fall featuring educators from across the city.

Over the past couple of years, Chalkbeat has brought readers personal stories from teachers and students through the events. Some of our favorites touched on how a teacher won the trust of her most skeptical student, why another teacher decided to come out to his students, and one educator’s call to ramp up the number of students pursuing a college education.

The event, 5:30 p.m. Thursday, Sept. 13, is free and open to the public — please RSVP here.

Event details:

5:30 p.m. to 7:30 p.m.
Thursday, Sept. 13, 2018
Tube Factory artspace
1125 Cruft St., Indianapolis, IN 46203
Get tickets here and find more on Facebook

More in What's Your Education Story?

School safety

Hiring more security officers in Memphis after school shootings could have unintended consequences

PHOTO: Jahi Chikwendiu/The Washington Post/Getty Images

Tennessee’s largest district, Shelby County Schools, is slated to add more school resource officers under the proposed budget for next school year.

Superintendent Dorsey Hopson earmarked $2 million to hire 30 school resource officers in addition to the 98 already in some of its 150-plus schools. The school board is scheduled to vote on the budget Tuesday.

But an increase in law enforcement officers could have unintended consequences.

A new state law that bans local governments from refusing to cooperate with federal immigration officials could put school resource officers in an awkward position.

Tennessee Education Commissioner Candice McQueen recently reminded school personnel they are not obligated to release student information regarding immigration status. School resource officers employed by police or sheriff’s departments, however, do not answer to school districts. Shelby County Schools is still reviewing the law, but school board members have previously gone on the record emphasizing their commitment to protecting undocumented students.

“Right now we are just trying to get a better understanding of the law and the impact that it may have,” said Natalia Powers, a district spokeswoman.

Also, incidents of excessive force and racial bias toward black students have cropped up in recent years. Two white Memphis officers were fired in 2013 after hitting a black student and wrestling her to the ground because she was “yelling and cussing” on school grounds. And mothers of four elementary school students recently filed a lawsuit against a Murfreesboro officer who arrested them at school in 2016 for failing to break up a fight that occurred off-campus.

Just how common those incidents are in Memphis is unclear. In response to Chalkbeat’s query for the number and type of complaints in the last two school years, Shelby County Schools said it “does not have any documents responsive to this request.”

Currently, 38 school resource officers are sheriff’s deputies, and the rest are security officers hired by Shelby County Schools. The officers respond and work to prevent criminal activity in all high schools and middle schools, Hopson said. The 30 additional officers would augment staffing at some schools and for the first time, branch out to some elementary schools. Hopson said those decisions will be based on crime rates in surrounding neighborhoods and school incidents.

Hopson’s initial recommendation for more school resource officers was in response to the school shooting in Parkland, Florida, that killed 17 people and sparked a wave of student activism on school safety, including in Memphis.

Gov. Bill Haslam’s recent $30 million budget boost would allow school districts across Tennessee to hire more law enforcement officers or improve building security. Measures to arm some teachers with guns or outlaw certain types of guns have fallen flat.

For more on the role and history of school resource officers in Tennessee, read our five things to know.

Sheriff’s deputies and district security officers meet weekly, said Capt. Dallas Lavergne of the Shelby County Sheriff’s Office. When the Memphis Police Department pulled their officers out of school buildings following the merger of city and county school systems, the county Sheriff’s Office replaced them with deputies.

All deputy recruits go through school resource officer training, and those who are assigned to schools get additional annual training. In a 2013 review of police academies across the nation, Tennessee was cited as the only state that had specific training for officers deployed to schools.