Why Can’t Students Opt-Out of Data Collection in Higher Ed?

You know, for all the talk from EdTech vendors about being student centred (and let’s face it, LMS’s and most of the other products are not student centred) and all the focus on data collection from student activity – why don’t products have an easy opt-out (being student centred and all that) to not allow data to be collected?

What makes matters worse in many ways is that the data collection is hidden from student’s view. For instance, in many LMS’s they track time spent on content items or files uploaded. This tracking is never made explicit to the student unless they go and dig into their own data. And doing that is incredibly difficult and you don’t get a complete picture of what is being collected. If I was a more conspiratorial minded person, I’d suggest that it was done on purpose to make it hard to understand the amount of total surveillance that is accessible by a “teacher” or “administrator”. I’m not. I honestly believe that the total surveillance of students in the LMS is really about feature creep, where one request turned into more requests for more information. LMS’s on the other hand want to keep their customers happy, so why not share what information they have with their clients, after all it’s their data isn’t it?

Actually, it’s not. It’s not the client’s data. It’s the individual’s data. To argue otherwise is to claim that what someone does is not their own – it reduces agency to a hilariously outdated and illogical idea.

The individual, human, user should be allowed to share or not share this data, with teachers, with institutions or with external companies that host that data in an agreement with an institution that probably was signed without them even knowing it. There’s an element of data as a human right that we should be thinking about. As an administrator I have a policy I have to adhere to, and a personal set of ethics that frankly are more important to me (and more stringent) than the obscurely written-in-legalese policy. An unscrupulous, or outright negligent LMS administrator would mean that all bets would be off. They could do things in the LMS that no one, except another administrator, could track. Even then, the other administrator would have to know enough to be able to look at all the hundreds of different changelogs, scattered across different tools, across different courses and do essentially a forensic search that could take a good long time to undo any damage. That lack of checks and balances (a turn of phrase that appears purposefully as I think we’ll see what a lack of checks and balances will be like in the US the next few years) which could be implemented as part of using the system, but aren’t, leaves education in precarious situations.

The idea that the data locked in the LMS without the students being able to say, “I only want my data shared with my College” or “I only want my data shared with company X for the purposes of improving the system” shouldn’t be hard to implement. So why hasn’t it been done? Or, even talked about?

In my opinion, the data that gets harvested (anonymously of course) provides more important information to the company about how people use the system than the optics of having an opt-out button. It allows Blackboard to say how instructors use their system. We could talk about how terrifying this blog post is (instructor use is a proxy for how students use the system because LMSs give power to instructors to construct the student’s experience), or devoid of solid analysis. I’ll deal with the analysis later, so let’s just consider how this is entirely without context.  Blackboard hosted sites have been harvested (probably with the consent of the people who signed the contracts, not the instructors who actually create things on the system, or the students who engage in the system) by Blackboard to tell you how you teach. In one of the cited pieces, Blackboard says that they used this data to improve their notifications. If I put this through for ethics review, and said I’m going to look at notifications improvement and then released a post about how people used the whole system, it may very well be in their rights (and I suspect it is) but it is ethically murky. The fact they’ve released it to the public allows the public to ask these questions, but no one really has? Or if they have, I missed it.

The fact that Blackboard can do this (and I’m talking about Blackboard because they did it, but there’s a similar post from Canvas that’s making the rounds about discussion posts with video being more engaging or some such idea) without really clearing this with any client is chilling. It also constrains how we perceive we are able to use the LMS (it sets the standards for how it is used).

Digital Marginalia 2 – Electric Boogaloo

Digital Marginalia is an infrequent blog post series that captures some links I’ve retweeted or looked at, grouped into a theme, and commented on.

Disrupting Education/Learning – Whatever that Means

There’s two related bunch of links that are tied here; the first being the onslaught of Richard Branson, Disrupting Education:

http://www.virgin.com/richard-branson/disrupting-old-education-models

http://www.virgin.com/richard-branson/education-outside-the-classroom

And the response:

http://blog.edtechie.net/uncategorized/what-disruptors-really-want/

http://cogdogblog.com/2015/10/05/richard-branson/

It’s strange because I understand what Branson’s saying, and yes, education needs more flexible education. But to criticize something he doesn’t really know, because he didn’t go into it forty years ago, and isn’t part of it now, and clearly doesn’t get that in fact, higher education does do a lot of the things he says it doesn’t. Business schools basically train their graduates to be startups. Many, many MBA programs have that as their overarching theme. Our Master’s level Engineering program is based on a business project model with real clients. We aren’t unique in this. Our Geography department have several trips to real world places to do the work that they will do post-graduation. When I went to community college a decade ago, we took several entrepreneurship classes, because they knew that software designers would likely be their own bosses. Should things be more flexible? Yes. Often the reason things aren’t flexible is because someone, somewhere along the line bought a student information system that can’t schedule things in less than three hour blocks, or doesn’t understand that a course isn’t 14 weeks. That’s the sort of flexibility that the private sector brings you. Get real, Branson. Martin Weller said it better (first link under responses) so go read his post and give it some love because it’s so terribly spot on.

https://www.lrng.org/

“LRNG redesigns learning for the 21st century so that all youth have an opportunity to succeed.”

Really, I don’t have any non-vulgar words… OK here’s a fact you may want to consider, YOU CANNOT REDESIGN HOW I LEARN. I control how I learn. YOU control how you communicate information to me; I control how I receive that information. If you do not agree, then you are working on a paradigm that reinforces that students are empty vessels that need to be filled with knowledge. Again, I agree with connecting someone’s passion with learning, doing it through an online medium, sure that’s awesome. I love the Cities of Learning program, I really do. Just “redesigning learning” is like saying you’re “redesigning eating”.

Closing of the Open Web

http://www.theguardian.com/technology/2015/oct/06/reddit-upvoted-launches-aggregated-news-site–with-no-comments-allowed

http://motherboard.vice.com/read/im-on-twitter-too

Commenting, whether you think it valuable or not, is one of the best features of the world wide web. The amount of time I’ve found something in the comments of an article that links to another great thing is staggering to think about. The Vice thing is kind of delicious, in that after years of cultivating this vacuous audience (looks directly at Dos & Don’ts) they now want a civilized discussion. I guess people can grow up, but instead of turning off comments, why don’t you do like many other places and cultivate the commentary by moderating it. That way, you approve the good stuff and your audience doesn’t have to change the way they interact with the site.

Privacy

http://campustechnology.com/articles/2015/09/28/deep-learning-privacy-research-gets-google-go-ahead.aspx

Google and privacy? Uhhh, the jokes write themselves.

http://motherboard.vice.com/read/how-to-see-what-facebook-tells-advertisers-about-you

Undoubtedly, not all of what Facebook tells itself about you.

Manditory watching. Glenn Greenwald is one of the most important journalists of our time. Seriously undervalued/rated.

 

 

 

 

 

i>Clicker Integration with D2L/Brightspace

I’m sure i>Clicker won’t be particularly happy with this post, that’s ok, because I’m not happy with them. The one thing as an LMS administrator that you should feel very, very sanctimonious about is sharing data. We have an internal policy that we’ll never share student numbers. I also think that we shouldn’t share usernames, however some folks feel that’s ok. I guess it depends on your username convention. First dot last as a convention is great, except in these cases when you’re trying to maintain privacy. Now, if you’re making a single sign on connection through LTI, you can have the originating LMS username obfuscated, which essentially boils down to a paired database table that has two usernames in it – the one handed off to the third party via LTI, and the one in the LMS. Typically, I’m a little bristly about this as well, because you become reliant on the system not changing how this is handled, and if there’s an HTTP call mixed in there, it still could be sniffed out while in transit… but that’s not what this post is about.

Since last year, I’ve been bugged by i>Clicker to do an integration to make sign-up with their service seamless for students. There has been some requests for integration between i>Clicker and the gradebook in D2L from some of the more heavy users. The first request, I’ve always put off because, frankly, I don’t do anything a private enterprise wants me to do, they aren’t my boss, nor are they a member of my community. They serve one purpose, and that’s collecting money. The second, however, does benefit a select user group on campus. We were thinking about this since last year’s summer of integration, and April had a couple minutes free (more on that in forthcoming blog posts), so we scheduled some time to finally make it happen.

We schedule a call, to walk us through the integration and see if there’s anything that we have questions about. I don’t need anyone to walk me through an integration, but I often like to raise privacy, data collection policies, and other awkward questions to the poor sucker who’s on the end of the other line. Typically they are ill informed. I didn’t even get to the awkward stage, as a request was made that was frankly shocking. I was asked to turn on passing the Org Defined ID – or our student number – to facilitate the connection. Not just at the tool level, but at the configuration for the Tool Information. See below:

config_tool_consumer (1) Now if I understand this panel correctly, it not only changes the configuration settings for the tool in question, but for all the tools. ALL the tools. So not only i>Clicker, but anything else you have connected through using the External Learning Tools administration panel. I asked our technical account manager about changing it, and he basically said, “yeah, that’s not good.”

So in the middle of this exchange where I explain how we don’t pass the student number under any circumstances, the i>Clicker representative seemed to be a little miffed about my protests. He wasn’t particularly nasty about it, but certainly didn’t seem to understand why this was an issue at all. Looking at i>Clicker’s website, students are asked for their ID. It’s different asking a student to give them their ID (consent) and setting up access to everyone’s ID (no consent).

What makes me wonder is, how many other institutions even give this a thought? Surely we can’t be the first person to balk at the idea of handing over student data like this? Or maybe we are being too paranoid? I mean, I guess there’s people who have faith in the third-party vendors, but I’d prefer having a license, stating exactly what they are doing with data, how they’re using it, how long it’s retained and an agreement signed between the two parties. That way if the external party violates the agreement, the institution can hold them liable for the data breech – something a little stiffer than “oops”.

RSS is the Most Important Web 2.0 Tool (for Privacy)

RSS is the most important web 2.0 tool because it respects your privacy. When you pull information from another user – they know much less about you than when you read it on their website. They can’t set cookies.

When you read at a distance through RSS, at your convenience, your information isn’t given to the server you’re reading it on via cookie – no time or date stamp, no location rough estimate via IP, no browser information, no information about whether your using a mobile device or not – in fact most of that is irrelevant. It’s about the content of your post. You can choose to interact by posting a comment, which then can give the owner of the feed a bit of information should they want to.

It’s like standing in the square, yelling into a megaphone, announcing some great feat. Some will just listen, some may yell back in opposition, some will walk away. This is how the web should work.

This brief post was inspired by several, but most recently this post at O’Reilly Media about RSS decentralization and Dave Winer’s brilliant but underused RSS Cloud.

Always-On/Off/On?

As we move to  a pervasive, constantly connected state – and isn’t mobile just another word for everywhere – what does this mean for us as a whole? We’re already struggling for a work-life balance – and stresses are showing at the margins already. People are overwhelmed, unable to keep up and give up. These people are the new impoverished. Impoverished in the sense that they can’t control, manage and then articulate themselves in an information-rich environment. Will this mean a backlash? What will people do?

One thing might be that people create areas of their lives that are unavailable to networks – in essence a “safe room” or along the lines of a sensory deprivation tank. I can see this being something that futuristic home builders might already be working on; a bedroom where no wireless or cellphone network can access. Where else would you want this? Anywhere your privacy might be important. We’ve seen what happens when two people in a relationship at distance will do to show their love (lust), and then later embarrass the other in a revenge plot. Emotions can get in the way. I see the Japanese inventing private hotels, much like the love hotels they have now to service young couples who have no privacy at home.

As we see the Internet of things evolve, we’ll need these sorts of strategies to allow maybe our fridge, stove and phone to talk, but not our fridge and furnace. And this opens hackers to having a real effect on human lives – if we trust devices to tell us we’re out of milk – does that mean a hacker could get us to buy two dozen bags of milk because they spoof a message from the fridge? Brings a whole new meaning to “your fridge is running… you better go catch it”.

This post was inspired by:

Who’s Watching The Wikimen, Or Wikipeople

I just found in a random search (for editing Wikipedia) an article by Wired about an effort to see who’s editing the world’s largest encyclopedia. I have some privacy reservations about this sort of third party monitoring, especially if corporations are turning the screws on people writing about their excesses. I guess though, if everyone can do it, everyone should. Of course, corporations are the sort of bodies that have people who can spare the time to do this sort of activity, which could lead to that sort of misuse. Now, I’m sure that’s not happening, because corporations never behave badly. Right?