InBloom Presentation Updated 9.30.13

7/27/2019 InBloom Presentation Updated 9.30.13

1/13

On resolution No. 1768: the threat to

student privacy and safety representedby inBloom, Inc.

Testimony for the

NYC Council Education Committee

Prepared by Leonie Haimson, Class Size Matters

September 30, 2013


2/13

inBloom Inc. is a non-profit corporation funded by $100M from the GatesFoundation to collect and share personally identifiable student data withvendors.

The information is being uploaded onto a cloud operated by Amazon.com.

In NY State, districts have been told they must sign up for data

dashboards from three vendors, ConnectEDU, eScholar or NCSPearson/Schoolnet, populated with student data from inBloom cloud.

inBloom plans to commercialize this sensitive data, with state & districtconsent, and provide it to additional for-profit vendors, to help them developand market their learning products.

Wireless Generation/Amplify, a subsidiary of Rupert Murdochs NewsCorp,is building inBlooms operating system.

What is inBloom Inc.?


3/13

What information is being shared?

The highly sensitive data that NYS intends to share with inBloomand other vendors includes student names, addresses, phone nos.,emails, grades, test scores & proficiency levels, ethnicity, disabilitystatus, attendance and disciplinary records.

The info will include records for students from day they enrolled inpublic school, including up to 12 yrs of data for HS students.

NYSED is urging districts to share even more detailed information,

including health & pregnancy information, economic status, familystructure and immigration records.

If this information leaks out or is used inappropriately, it could imperila students security, safety and future, including chances of college

admission or obtaining a job.


4/13

What is inBlooms goal?

InBloom claims that this project will lead to greater efficiency, dataanalysis and integration, and create a vibrant market inpersonalized learning tools.

Ken Wagner of NYSED says that service providers, tools and

standards will converge in "a magic mix that hasn't come togetherbefore."

In NYC, the Department of Education spent $80M on ARIS datasystem, with data dashboards also built by Wireless Generation.Many of same claims were made, yet ARIS is rarely used andconsidered by many a boondoggle.

The DOE project director for ARIS, Sharren Bates, is now the COO

of inBloom Inc.


5/13

Dashboards will also include warning flags and

behavioral incidents

Sample dashboard from inBloom video


6/13

In a recent survey, 86% of technology experts say they do not trustclouds to hold their organizations more sensitive data.*

inBlooms security policy states they canno t guarantee thesecur i ty of the informat ion stored in inBloom or that the

inform ation w i l l not be intercepted when it is being

transmitted.

In April, the personal information of 50 million customers ofLivingSocial was inadvertently disclosed when an Amazon.comcloud was hacked into .

The sharing of personally identifiable student data with inBloom isbeing done without parental notification or consent.

*Lieberman Software's 2012 Cloud Security Survey

What about security?


7/13

Though NYSED claims inBloom FERPA-compliant, Family EducationalRights and Privacy Actregulatingprivacy of educational records weakenedby US Dept of Ed in 2009 and 2011 to encourage data sharing withcontractors & authorized agents without parental consent.

US Dept of Ed has now been sued in federal court for rewriting FERPAregulations in way violating original intent and language of law.

The same data stored in childs health records or gained through online

usage could NOT be shared with any 3rd parties without parental consent,acc. to HIPAA (Health Insurance Portability and Accountability Act) or

COPPA (Childrens Online Protection Act)

News Corp has been accused of illegally violating the privacy of individualsin the UK and the United States by hacking into phones and computers.

What about privacy?


8/13

Issues with the dashboards-- even if there are no breaches

Minor incidents will now enter into a students permanent

record and be easily accessible to teachers and othersthrough the dashboards.

Research shows that teachers tend to stereotypestudents based on prior knowledge and that this oftenbecomes a self-fulfilling prophecy.

If dashboards reveal to teachers details in a students

academic or disciplinary history before they even havemet, studies suggest this can create negativeexpectations that seriously impair a childs prospects.


9/13

Most inBloom states have now pulled out becauseof privacy concerns and protests

Fol lowing p rotests, f ive out of nine or ig inal inB loom states(NC,LA, DE, GA, and KY) announced that they will not share any studentdata.

COs one pilot district Jefferson Co. just announced it will allow parentsto opt out of inBloom and data dashboards and that NO studentdisciplinary data will be shared.

MA is reconsidering its participation for its one pilot district, Everett.

IL says intends to expand its participation to 35 districts, but will allowdistricts to decide whether to share data.

New York now ONLY inBloom participant disclosing private student

data from entire state, whether districts and parents like it or not.


10/13

Considerable costs & risks tostates/districts

Starting in 2015, inBloom says it will start charging states/ districtsfor its services by $2-$5 per student per year.

Data dashboard vendors will charge an additional $1-$3 per year;additional fees will incur for any other software tools using data from

the inBloom cloud.

If this data leaks out or is used inappropriately, the potential cost tothe state or district from class action lawsuits is far greater, sinceinBloom & Gates have insulated themselves from legal liability.

inBloom says it is now also explor ing charging vendors for itsservices. If not selling student data, this could be likened to rentingit out.


11/13

Sample racial, economic, language data to bebeing collected by inBloom

Source: https://www.inbloom.org/sandbox


12/13

Sample disability & medical datacollected by inBloom, Inc.

Source: https://www.inbloom.org/sandbox


13/13

What should be done? Last session, two bills were passed by NYS Assembly to block

inBloom: A.6059A would bar re-disclosures of personal student datawithout parental consent, and would require full indemnification fordata breaches.

A.7872A would allow parents the right to opt out of theirchildspersonal data being shared with any third parties.

Identical versions of these bill have now been introduced in the NYSSenate, by Senator Martins, S.5930, and Senator Robach, S.5932.

We urge the NYC Council to pass resolution No. 1768, and torespect the right of parents to preserve and protect the privacy oftheir childrens most personal and sensitive data.
http://open.nysenate.gov/legislation/bill/S5930-2013http://open.nysenate.gov/legislation/bill/S5932-2013http://open.nysenate.gov/legislation/bill/S5932-2013http://open.nysenate.gov/legislation/bill/S5930-2013

Documents

InBloom Presentation Updated 9.30.13