Googling Education Is Student Data Really Private?
By Charles Sosnik
Remember when Sergey Brin and Larry Page, the founders of Google, went public in 2004? I remember thinking that the initial price of $85 per share seemed a little high. In retrospect, the only one high was me, for not grabbing a hefty chunk of shares from the IPO online auction.
In 2004, the Google company was predominately a search engine and revenue was generated from online advertising. Then Google began building through a string of more than 200 acquisitions, rounding out the company’s capabilities with YouTube, Android, Motorola Mobility and many others. Fast forward to 2019 and the search engine with the quirky little name and page rank technology has become the 3rd most valuable company in the world with an $822 billion market cap and almost 100,000 employees. They have graduated from search to search and destroy, with your children’s privacy hanging in the balance.
OIL THAT IS, TEXAS TEA
“Data is the new oil.” That quote, first attributed in 2006 to a UK data scientist named Clive Humby, was made popular in a 2017 report published in The Economist. The report began, “A NEW commodity spawns a lucrative, fast-growing industry, prompting antitrust regulators to step in to restrain those who control its flow. A century ago, the resource in question was oil. Now similar concerns are being raised by the giants that deal in data, the oil of the digital era. These titans—Alphabet (Google’s parent company), Amazon, Apple, Facebook and Microsoft—look unstoppable. They are the five most valuable listed firms in the world.”
The idea is, the more data a firm collects on you, the better they can sell you. The more they sell you, the more data they collect. And of course, with all that data, they can “share” it with their friends.
“So, what,” you say. “I have nothing to hide. Who cares if Google knows what toothpaste I use, where I like to go on vacation, what medications I take and what car I want to buy?” I might tend to agree with you if Google hadn’t made a hard charge into education a few years ago, and if my kids didn’t have cell phones and didn’t use the Internet. But Google did, and my kids do – and so do yours.
THE PRICE OF SUCCESS
Did you ever wonder why so much of what Google provides is free? Free Apps, free G-mail, free searches, free maps, free Google Drive, free calendar, free Google Hangouts, free Google Earth, free Google Classroom?
Years ago, I needed to download a “free” flashlight App on my Google-owned Motorola Android phone. In exchange, the App wanted access to my photos, my location, my contacts and basically every bit of data on my phone. Obviously, I knew I should flatly refuse the intrusion. I quickly weighed the cost of giving the App access to all my data. As a journalist I fully understood the ramifications of giving my data to a company that would keep it forever and possible sell it hundreds of times.
Two seconds later, I clicked Download. Ten seconds after that, I was the proud owner of a shiny new flashlight App. Each successive App I acquired came with less consternation and guilt. They already had my data, so why not continue to download “free” Apps?
In the old economy of the past, the mantra was, “Build a better mousetrap and the world will beat a path to your door.” Then it was, “Build a better path to your door and the world will buy your mousetrap.”
Now, they just give you the mousetrap. In the new economy, free sells.
ANDROID PHONES, CHROMEBOOKS AND THE GOOGLE PLAY STORE
At last count, there were 2,953,235 Apps available on the Google Play Store. Of those, 95.4 percent are free. 252,024 are designated as free education Apps. It’s an amazing opportunity for parents and schools. Or is it? One would assume that if an App created for education is available through Google’s Play Store, it must be safe and comply with the Children’s Online Privacy Protection Act (COPPA). In fact, this is rarely the case.
Denise Tayloe is CEO of PRIVO and is a recognized leader and authority in children’s online privacy, customer identity and consent management. Tayloe’s company helps organizations navigate the opportunities and challenges of implementing COPPA. “We have spoken to countless developers and online service providers over the years who are quick to tell us they are COPPA compliant and do not trigger COPPA since no personal data is directly being collected from children under 13,” said Tayloe. “Companies also like to boast their lawyer has made sure they are COPPA compliant. Being in the trenches for over a decade helping companies obtain COPPA certification, we can tell you in most cases, companies are not 100 percent buttoned up as they should be, especially in the school setting. The FTC has brought 31 cases to enforce it, in addition to enforcement from state attorneys general like New York’s Operation Child Tracker and New Mexico’s AG suing Google, Twitter and other companies for violating children’s privacy.”
But why blame Google? Shouldn’t it be buyer beware, especially if what you are buying is free? And shouldn’t the parents know better? What about schools?
It’s hard to place the blame since there is plenty to go around. Most parents have no idea which Apps their kids download. And schools download Apps by the thousands. School networks offer a layer of protection, but phones and Chromebooks are used outside the network as well as in. According to LeiLani Cauthen, CEO of The Learning Counsel, “One school district executive who attended the recent Learning Counsel event in San Jose said they have 3,200 Apps and only 600 students. That’s the new reality. There are quite a few other major districts with thousands of Apps, including Houston ISD who, on last report, had over two million digital resources.”
In a school district like Houston IDS with over two million digital resources, what are the chances that each one has been rigorously vetted to make sure that it complies with all COPPA regulations? For that matter, what do you think the odds are that every app on your kid’s phone and Chromebook have been rigorously vetted? If you said 100 percent safe, then you and I need to talk. I have this little one-owner bridge in Brooklyn I’d like to sell you. Even without the data, common sense should tell you that your child’s privacy isn’t safe.
Want to do something fun? Go on your Google account and request the data they have on you. They don’t mind showing it to you. I think you’ll be amazed.
HERE’S WHAT GOOGLE SAYS ABOUT YOUR CHILD’S DATA
Google has different rules if your child signs up through Family Link. Even with Family Link, here’s what Google has to say:
“As part of the account creation process, we ask for personal information like first and last name, email address, and birth date.
We automatically collect and store certain information about the services your child uses and how your child uses them, like when your child enters a query in Google Search, talks to the Google Assistant, or watches a video on YouTube Kids. This information includes:
- Your child’s apps, browsers & devices
We collect information about the apps, browsers, and devices your child uses to access Google services, including unique identifiers, browser type and settings, device type and settings, operating system, mobile network information including carrier name and phone number, and application version number. We also collect information about the interaction of your child’s apps, browsers, and devices with our services, including IP address, crash reports, system activity, and the date, time, and referrer URL of your child’s request. We collect this information when a Google service on your child’s device contacts our servers, for example, when they install an app from the Play Store.
- Your child’s activity
We collect information about your child’s activity in our services, which we use to do things like recommend apps they might like on Google Play. Your child’s activity information that we collect may include things like search terms, videos they watch, voice and audio information when they use audio features, people with whom they communicate or share content, and Chrome browsing history they’ve synced with their Google Account. If your child uses our services to make and receive calls or send and receive messages, for example by using Google Hangouts, we may collect telephony log information like their phone number, calling-party number, receiving-party number, forwarding numbers, time and date of calls and messages, duration of calls, routing information, and types of calls. Your child can visit their Google Account to find and manage activity information that’s saved in their account and you can also manage their activity information by signing into your child’s Google Account.
- Your child’s location information
We collect information about your child’s location when they use our services. Your child’s location can be determined by using GPS, IP address, sensor data from their device, and information about things near their device, such as Wi-Fi access points, cell towers, and Bluetooth-enabled devices. The types of location data we collect depends in part on your child’s device and account settings.
- Your child’s voice & audio information
We may collect your child’s voice and audio information. For example, if your child uses audio activation commands (e.g., “OK, Google” or touching the microphone icon), a recording of the following speech/audio, plus a few seconds before, will be stored to their account from any of your child’s signed-in devices, when the Voice & Audio Activity setting is enabled.”
Chilling, isn’t it? And as soon as your child turns 13, he or she is eligible to forgo parental supervision and any child protection options. If your child is smart enough to bypass the Family link and create an account as an adult, then there are virtually no protections no matter the age. Of course, even if your pre-teen did sign up under the Family Link, Google saves all that information and uses it against your child later.
According to Marsali Hancock, President of the EP3 Foundation, “Information gathered about our children from their networks, devices, and applications will be used for decades. Data left unprotected by schools or the vendors they use may potentially impact a child years later. For example, recruiting companies are hired to identify candidates most likely to succeed in a specific career track or an academic opportunity. Information gleaned from earlier experiences provides insight into the attitudes and behaviors, the emotional and social resilience, and the determination of students. Over the course of a child’s learning experience, this data can be rich and deep. Students struggling with some academic subjects, or perhaps personal life challenges such as divorce or behavioral health may be unknowingly excluded and not considered by recruiting companies.”
I’m not saying there is anything nefarious about Google, but like all big tech companies, they are driven by profit and domination. Knowledge is power. And Google is the most sophisticated knowledge-gathering entity in the history of the world.
Ever wonder just how much of the education market Google controls? According to an EdWeek Market Brief, 68 percent of school districts use some part of Google Classroom. When you consider that Google Classroom wasn’t released until May 6, 2014, that figure is astounding. School districts by their very nature are slow to change and adopt new technologies, and a sales cycle can take 18 months. But Google figured out a way to break through the traditional sales cycle. They gave it all away. And it worked great. IT folks loved it. But why would Google give away so much stuff to schools? Because in today’s market, free sells.
But there’s nothing new under the sun. I hearken back to my college days at Western Carolina, in my Economics 101 class. In 1980, I had a professor that started every class with the same statement, “There are no free lunches.” It was drilled into the mind of every student in the class. And it’s as true now as it was then. If Google is giving away the product to students, then students are the product and their data is the cost. It’s economics 101.
And here’s more. According to Hancock, “Before a child enters a classroom, schools require a great deal of information about their families. It includes contextual details such as where a child lives, the household income, health and immunization records, Social Security numbers, language spoken at home and cultural and religious background. After enrolling, the information about students continues to grow exponentially. This data is vulnerable. Without training it is not possible for a generation of teachers and administrators to understand how data is used, its value in the digital economy and innovation, and the implications of unexpected outcomes because of algorithms.
“The most crucial question we need to ask about student and child privacy is how we are going to work together to protect our children’s digital assets, the artifacts of their learning experiences,” says Hancock. “The school project that used to be taped to my refrigerator door for the family to enjoy is now digitized and potentially commercialized with unknown consequences in our new era of artificial intelligence and machine learning.”
About the Author
Charles Sosnik is an education journalist and editor living in picturesque Gastonia, North Carolina. He is an education fellow at the EP3 Foundation and frequent writer and columnist for some of the most influential media in education including The Learning Counsel, NSBA Journal, EdNews Daily and edCircuit.
This article was reprinted by permission from Grit Daily, the top source for news coverage on brands, fashion, tech, influencers, entrepreneurship, and life.