State’s inBloom data-sharing plan under City Council scrutiny

An embattled data-sharing project that state education officials have repeatedly endorsed is on the hot seat today by local lawmakers.

City Council members on the Education Committee want to know more about the plan and how student data will be shared with third-party vendors. Specifically, the committee is reviewing a legislative proposal that would regulate the way that districts can share certain information about students. 

It comes as the state is poised to usher in a new era of how student data is used to inform decisions about classroom instruction. As part of its participation in Race to the Top, the New York State Education Department is using a $100 million database called inBloom that was developed and funded in part by the Gate Foundation. The database was designed to eliminate the data management barriers that face under-resourced districts and schools. 

But there are concerns about how that data will be shared, specifically when it comes to some of the education technology vendors that could contract with districts. Five states that were originally signed onto the project have withdrawn from it.

It briefly became an issue in the mayoral election, and Democratic mayoral nominee Bill de Blasio has said he backs efforts to prohibit data sharing without parental consent. 

State education officials vehemently object to the legislative efforts, which would either require parents to opt into the data-sharing or require schools to give parents the change to opt out. They have argued it would disrupt the way schools work with third-party vendors in many other ways, including transportation, school lunch and attendance. 

Comptroller John Liu, a former mayoral candidate, is among the opponents testifying today in opposition of the inBloom database. His testimony is below: 

Thank you Chairman Jackson and members of the Education Committee for holding this important hearing on protecting the privacy of New York City public school students. I submit this testimony in strong support of proposed New York State Legislation, A.6059-A/S.5932, and in strong support of City Council Resolution No. 1768-2013.   A growing number of New Yorkers are deeply concerned about the New York State Education Department’s (NYSED) and the City Department of Education’s (DOE) decision to release personally identifiable student and teacher data without parental consent to inBloom Inc., a corporation funded by the Bill and Melinda Gates Foundation. I share these concerns as both a New York City public school parent and as comptroller. The initial service agreement between inBloom and the NYSED involved no fee for service or any costs at all and therefore bypasses State and City Comptroller review and registration—though now we have been told that starting in 2015, the State and/or the City will have to pay a per student fee for inBloom’s services. The troubling lack of transparency with regard to what seems to be unprecedented disclosure of personally identifiable information raises grave concerns about the risks, safeguards, liability, and the long-term financial planning associated with this agreement. Last May, I submitted a letter to NYSED Commissioner King and the Board of Regents urging them to withdraw New York State from this project, but the State is moving ahead with its plan. As of one of nine states to participate in the inBloom project, New York State students are guinea pigs for an operation that is driven as much by profit potential as it is for any educational benefit. Louisiana, Kentucky, Georgia, North Carolina, and Delaware have all since withdrawn from the project due to privacy concerns, and there are strong indications that others will follow suit. Just last week, Jefferson County in Colorado, that state’s one pilot district, agreed to allow parents the right to opt-out of having their children’s data shared with inBloom. While it appears that the NYSED and inBloom have satisfied the bare minimum legal standard of the Family Education Rights and Privacy Act (FERPA), I am deeply disappointed that the NYSED has not chosen to adhere to a higher standard of protection for the personally identifiable information of the people it is meant to serve. By inBloom’s own admission, it “cannot guarantee the security of the information stored in inBloom or that the information will not be intercepted when it is being transmitted.” Additionally, save for an immaterial $1,000,000 to $5,000,000 that inBloom will set aside, the State and City have accepted near total liability. In the agreement, inBloom and its third-party partners (whoever they may be) reject just about any liability. Despite the fact that the goal of this project is for inBloom to create a “data store” where third-party providers will use student data to develop products, NYSED and inBloom officials have stated that there is no necessity for parental consent.  In fact, the state has already uploaded or is in the process of uploading personal data from all the public school students in the state, even though hundreds of parents have asked to opt out.  NYSED is also requiring that nearly every school district, including NYC, sign up with one of three companies that will produce “data dashboards” that will be populated with personal data from the inBloom cloud. A few districts that refused Race to the Top funds are exempted from signing contracts with these companies, but their student data is being shared with inBloom anyway. Why must districts that do not want to participate still be required to upload the data? Moreover, starting in 2015, districts will have to pay fees for the use of these dashboards, in addition to the fees charged by inBloom. NYSED is also encouraging districts to share even more personal student information and sign up for even more software tools from vendors who will be provided with this data, through the inBloom cloud, all without parental consent. Indeed, NYSED has told districts that there is no necessity to allow opt-out or seek consent before student data is shared with any vendor, but they have not absolutely barred districts from doing so. Sadly, the City DOE has chosen not to allow either parental opt-out or consent. All this is being done despite the fact that, the “educational benefits” of these dashboards and the other software tools that inBloom is supposed to facilitate are entirely theoretical. We’ve seen this before. In 2007, the DOE announced that the data-management portal ARIS would “revolutionize” the school system, but a 2012 audit by my office demonstrated that the system is rarely if ever used and appears on the brink of becoming obsolete. As for inBloom, even with the potential of “educational benefits,” the “data store” would have a more immediate, commercial benefit for third-party, for-profit providers. Others concerned with this plan have adroitly pointed out that in light of the heavily commercial elements of the agreement, inBloom and the NYSED have failed to conform to child protection standards for Personally Identifiable Information set forth by the Federal Trade Commission. This is worthy of a deeper look. All of this is to say that the NYSED’s legal argument could put the State and City in risk of serious liability. Also disconcerting is the fact that the service agreement clearly states that inBloom “cannot guarantee the security of the information stored in inBloom or that the information will not be intercepted when it is being transmitted.” The agreement further states that inBloom will take all “reasonable and appropriate measures” to protect the data. This is hardly reassuring language,especially when breaches of security and loss of privacy happen with increasing regularity even in the most secure domains. Currently, inBloom is a lean operation and has sub-contracted with Wireless Generation (now Amplify) to help with the management and protection of the data. Wireless Generation/Amplify will or currently has access to student and teacher personally identifiable information without having to obtain informed consent. Wireless Generation/Amplify’s parent company, News Corporation, is in the midst of several high-profile criminal trials in the UK for egregious privacy violations and seems likely to undergo a full-scale US Senate investigation once those trials are finished. This raises further questions about the integrity of the inBloom agreement. Additionally, settlements and liability claims for data breach are on the rise. A recent report about data security threats in the health sector finds that settlements have the potential to reach $7 billion annually. Many data breaches are not typically malicious or criminal in nature and are often accidental—lost computers, employee error, etc. The simple reality is that technologies that promise greater productivity and convenience especially through the use of file-sharing applications and cloud-based services are extremely difficult to secure. As you know, these are the exact services that inBloom and its third-party party affiliates are promising to New York. Another concern has to do with the long-term financial plan for inBloom. As stated, inBloom intends to be financially independent from the Gates Foundation by 2016. Right now, it seems the Gates imprimatur is the glue that holds this agreement together, but what happens when Gates is no longer involved? How does inBloom guarantee that it will be sustainable and financially solvent—especially as most of the states that originally planned to participate have now pulled out of any data-sharing agreement? People ought to have confidence in the State’s and City’s ability to effectively safeguard personal information, yet there is a troubling lack of transparency in what seems to be an unprecedented disclosure of personally identifiable information. I would like to reiterate what I asked the NYSED and the Regents to do last May: 1.      Hold public hearings throughout the State to explain why this agreement should be pursued, answer questions, obtain informed comment, and gauge public reaction; 2.      Notify all parents of the data disclosure and provide them with a right to consent; 3.      Define what rights families or individuals will have to obtain relief if harmed by breach, improper use, or release of their private information, including how claims can be made; 4.      Ensure that the privacy interests of public school children and their families are put above the commercial interests of inBloom, Wireless Generation, and all other third-party affiliates. I would like to add to this list my support for the legislation being considered by the State, A.6059-A/S.5932, that would block re-disclosures with any third-parties, without parental consent, and would require vendors to indemnify the City and State for any breaches of data. Finally, in today’s technological age, people regularly broadcast personal information on social networking sites and provide information to internet vendors, but they do so willingly. No one wants to learn that their personal information, and especially their child’s, has been handed over to an anonymous marketplace without their prior knowledge or consent. Thank you.