FEATURE |TECH TRENDS
joint workshop, “Student Privacy and Ed Tech,” planned for Dec. 1 and co-hosted by the U.S. Department of Education, which oversees FERPA, and the Federal Trade Commission, which is in charge
of COPPA. The goal is to clarify and untangle the intersection between the two regulations and how they can protect students without interfering with the promise of education technology.
One potential outcome from the work- shop, suggested Kloek, could be a greater motivation for schools and districts to get more active in communicating with parents and students about what they’re doing on privacy. “It’s hard. Public schools are required to send out the an- nual FERPA notice. I’m curious [about] who’s doing it well and whether parents are happy about the way things happen,” she said. “This is the first time where it’s going to be discussed out in public. It’s a conversation that’s needed to happen for a while. Bringing all the stakeholders to the table is an important step.”
Schools Will Continue Flubbing Cybersecurity While technology provides a
pipeline in education to the world and its riches of digital content, it can also be taken advantage of by “those with the most heinous views in ways that are fundamentally pretty threatening,” warned Doug Levin, president of consultancy Ed Tech Strategies and former executive director of the State Educational Technology Directors Association.
It doesn’t help that cybercriminals have decided districts are low-hanging fruit
for plucking personally sensitive data. “Schools have lots of things connected, but they don’t have a lot of IT support. They’re not always running the latest and greatest equipment. And so that makes them a target of opportunity,” Levin explained. At the beginning of 2016, Levin began tracking cybersecurity- related incidents reported about U.S. K-12 public schools and districts. As of the end of November 2017, he has added 234 security-related events to his “cyber incident map.”
What’s particularly “scary” about the break-ins these days is not simply the loss of personal data, he added, but how some criminals have sought to attack schools “specifically because they are places where lots of kids are, and they’re interested in making political points.” For example, a number of Los Angeles and Ventura area school websites were hijacked in 2017 to display pro-ISIS propaganda. More alarming, in October, a district in Iowa closed several schools after parents received text messages
that threatened the safety and security of their children; some believe hackers stole personal information from the district network.
The fact that nobody else was doing this security tracking in such a focused and methodical way before Levin took on the challenge indicates just how immature the education field is when it comes to cybersecurity. “We know so little about the nature of threats that it’s still in a
place where we believe the world is flat,” he mused. “We don’t really understand the nature of threats — how they change over time, what steps districts can take to protect themselves. If you don’t understand the nature of a threat, you can put in place all sorts of policies or buy all sorts of technology, and it turns out you’re buying the wrong stuff.”
That lack of maturity also surfaces in how data breaches are communicated to those affected as well. Levin cited a situation in Texas in which numerous districts had their employees’ names, social security numbers and other data exposed on a website managed by the Texas Association of School Boards. Rather than coming clean as soon as possible about how many people were affected and from which districts,
every time a news story appeared, the information was updated, as if one district didn’t know about the break-in that occurred in the next district over. “It’s the classic wrong way to get bad news out there,” said Levin.
“There may be a need for guard rails, but it’s not clear who gets to set them and how they get set,” Levin acknowledged. “It may be that all this connectivity is not an unabashed good.”
Dian Schaffhauser is a senior contrib- uting editor for 1105 Media’s education publications THE Journal and Campus Technology. She can be reached at dian@dischaffhauser.com or on Twitter @schaffhauser.
Some have sought to attack schools “specifically because they are places where lots of kids are, and they’re interested in making political points.” — Doug Levin, Ed Tech Strategies
18
| JANUARY/FEBRUARY 2018