Video conference sessions. Webcams. Mics. Student surveillance has taken on various forms as universities make their great migration online. In the US, academics are pondering the implications of these measures on student privacy.
Macomb Community College English professor Chris Gilliard told The Chronicle of Higher Education that student surveillance in moments like these open the door to potentially-exploitative practices. Gilliard, who studies privacy and digital policy, said this is because authorities “are grasping at straws and desperate for solutions,” and “vetting is completely out the window.”
Not all academics share this concern, though. Fred H Cate, vice president for research and a professor of law at Indiana University believes that data gathered by colleges over the years have not been used too much, but too little. “From online exams, homework uploads, and classroom-participation clicks, colleges can learn a lot about weaknesses in teaching and curriculum, but much of that information goes unanalysed,” he said.
How is student surveillance carried out?
It all begins with your learning management system (LMS), which holds your personal information and progress data throughout the duration of your course. Canvas was a popular LMS even before COVID-19 online learning. But few know that its parent company Instructure is being sold to private equity firm Thoma Bravo to the tune of US$2 billion.
This drove technologists and educators to write a protest letter in December 2019. The letter demanded that the company inform them how LMS data will be used and that students be given the choice to opt-out of data collection. Besides that, student surveillance via third-party apps is also called into question. For instance, video conference service provider Zoom has had 200 million users this semester alone. Zoom collects technical information like your IP address and details of your OS and device, just to run on your computer.
The company has come under fire for privacy and security threats, including Zoombombing, which can greatly disrupt online learning. Where online exams are concerned, universities can implement student surveillance via third-party proctors. Online proctoring allows invigilators to view students’ workspaces, tracking eye movements and time away from the screen to detect possible cheating.
This raises questions about cybersecurity and the ethics of student surveillance. However, this proctoring technology is also what allows exams like the LSAT, GMAT, GRE, TOEFL, and IELTS to continue at home while in-person testing is suspended.
Is student privacy under threat?
Back in 2018, the Federal Bureau of Investigation (FBI) warned about cyberthreat concerns to K-12 students using educational technologies. As an online learner, your personal information including biometric data, academic progress, medical information, web browsing history and geolocation can all be hacked and misused by cybercriminals.
That’s why it’s important that all education software comply with the Family Educational Rights and Privacy Act (FERPA), which demands contractual stipulations that protect student privacy. Associate vice president at Vantage Technology Consulting Group Joanna Lyn Grama advises administrators to keep abreast of what FERPA-protected information may be revealed in their pivot to virtual learning. This includes metadata, which does not fall under personal information, but can still be used as a tool to gain it.
It’s no wonder that Consumer Reports privacy researcher Bill Fitzgerald believes this is not the time to hastily adopt new technology. Rather, it’s the time to return to the drawing board with learning outcomes as the main objective. “I don’t think that anything is etched in stone, but I think we need to embed good practices now,” he told Inside Higher Ed.
What should universities do?
First, universities need to ensure they own and control all staff and student data. The FERPA dictates that institutions must have full responsibility for where this data goes. For example, although Canvas parent company Instructure has said it will not sell or share user data, third-party affiliates can still access its user information. This is the case for many ed-tech providers in the US.
Since such industry practices are widely accepted, universities must evaluate and trial each service before rolling it out. As students and educators remain vigilant of their cybersecurity rights, universities must protect those rights when greenlighting surveillance practices.