Kids & Screens: Questions for Students, Teachers and Parents
As a parent and teacher, I get to see both sides on how schools handle data privacy. Here is a list of questions that students, teachers, parents and school administrators should consider:
- What happens when you upload a picture to 'the cloud'?
- What is a server?
- What can the administrator of a server do and see?
- What are methods a school could adopt to limit admin access to community data (protocols, zero-knowledge, encryption)
- How does a data collection business model work?
- What is data encryption?
- What does 'decentralised' mean?
- What is free open source software?
- What are the real risks with current popular applications (Instagram, TikTok, etc.)
- What are good alternatives to these applications?
- What data does the school store about you?
- What data does the school store about teachers and staff?
- Where is this data stored?
- How long will it be stored after someone leaves the school?
- Who can see it?
- How is the school's data secured, and is that security tested?
I have the following three recommendations for schools:
Teach Information Technology a core subject
Many of my colleagues and most of my students don't know what a server is. I learned about how servers work, just the basic concepts, not all that long ago. I cannot now remember what I thought happened whenever I posted a photograph or comment to Facebook. I held a blind trust in companies, an almost literal view of a data cloud. I think I assumed it was a private space.
I firmly believe schools are the best places to learn about the mechanisms that now form the backbone of our society: storage space on hardware owned or rented by a company, a database with usernames and passwords that enable access to desirable content or networks, and a stored record of all actions and interactions.
Learning about data storage and networked interaction can open discussions about moral and ethical decision-making around these realities. Should a company store user data by default, simply because they can? Is trading free content for user data a desirable approach? Are whistleblowers heroes or villains? Is a tool bad because it is useful to criminals? How can we ensure IT administrators don't abuse their position? Given the direction we are going, and how few critical questions are being asked, teaching Information Technology as a core subject is now essential.
Switch to free open source platforms
Secondly, schools should adopt open source tools for content management and communication, and use free open source software by default. We need to think big and onboard the entire cohort of each new generation in the whole country, state or province. Google knows this, which is why they put so much effort into pushing Chromebooks and Google Suite into schools.1
There is a financial incentive beyond the ethical considerations too: these tools are free, and as robust as any of the proprietary platforms we use today. Nextcloud could easily function as a school wide platform, with user spaces, shared calendars, document storage, email and so on. School laptops could run on Ubuntu, or any distro, really. LibreOffice could easily replace Word, Excel and Powerpoint. Jitsi could be used for video calls. Standard Notes could be promoted as an excellent organisation and note-taking tool, and BearBlog for minimalist, private publication. Firefox could be set as the default browser.2
All that is required is a shift in perspective, a period of adjustment, and retraining of IT support staff (though my guess is most IT staff are already very much onboard with adoption of these tools).
Normalise asking questions about data & security
Lastly, asking questions about how data is stored should be normalised for all stakeholders.
Last year, I contacted my school's administration with the last five questions in the list. In particular, I wanted to know how well or ill-prepared our school is against a ransomware attack—listening to the Surveillance Report weekly will put a person in that mindset.
Schools store very sensitive data, and are therefore vulnerable to ransomware attacks. School databases and servers contain information such as:
- teacher and staff evaluations, improvement plans, performance reports
- letters of dismissal
- police records on all staff (required)
- all student grades and performance reports
- university application information
- notes on discussions about students who may be struggling academically, socially, or health-wise
- detailed health records
- previous school records, including any medical or psychological reports
- psychologists' reports on learning disabilities, giftedness, mental health, family life
- notes on behaviour, including academic honesty infringements and other forms of cheating, suspensions and expulsions
- notes on home situations and attendance
- notes about parents
- everyone's contact details
- copies of letters sent home on a range of personal issues
- communications to outside agencies regarding concerns about abuse or neglect
- school counsellor emails, files, reports
- the school's financial reports, public and closed
- board minute minutes and reports, public and closed
- strategic and financial plans
- accident reports
- union and health and safety records, communication, and other documents
It's not the kind of information schools can afford to have out in the open. Future careers could be impacted, or current careers of alumni could be affected—for example with academic honesty records.
I learned that some of our data is kept on servers on site, but a lot of it is entrusted to a third party company. It was impossible to contact that company directly with my questions; their website was nebulous. I wanted to ask, for example, whether or not our community's data was used in test-running new tools in development phase for their platform, and if so, whether or not that data was anonymised.
I distinctly began to feel like an unwanted, nosy intruder. The admin at one point asked me: why do you need to know this? Psychologically and socially, it was a strange, alienating position to be in. It felt as if people might begin to think I was asking these questions for potential misuse.
There is an unfortunate, wide-spread apathy to the problems around data privacy. People know about the Orwell novel 1984, and "Big Brother" is still commonly referred to in pop-culture. But there doesn't seem to be a lot of preventative action. Orwell's dystopia, where the state or company control the individual through a total removal of privacy is exactly what we are headed for.
If ministries of education could show some clarity of mind, and just think like Google for a short while, then it should quickly become apparent what needs to be done. If you want to continue to organise people into free and open societies, where personal, digital and transactional privacy are self-evident, then you have to start in schools.
The three approaches I list above (teach IT as core subject; adopt FOSS tools; normalise data transparency) are not difficult to execute within a 5 to 10 year period across an entire district or even a country. The results could be as impactful and far-reaching as teaching reading and writing are today.
The Surveillance Report makes you very aware of just how common data breaches and ransomware attacks are now.
Jesper Graugaard mostly reports on his activism against Chromebooks in schools on his LinkedIn page (search 'Jesper Graugaard').
-----Discuss on Reddit-----
Subscribe to my blog via email or RSS feed.
Find me on Mastodon and Twitter.
Back to Blog
see Jesper Graugaard's battle against the use of Chromebooks in his child's school in Denmark↩
My current school uses Chrome as default browser, Google default search engine, Google Drive, Docs, Calendar, Gmail; MacOS or Windows, Word, Excel, PowerPoint, WhatsApp, and proprietary third-party controlled software for all data storage and communication home.↩