Educators across the country were welcomed back to school this fall by an FBI warning to tread carefully into the risky waters of education technology.
The FBI also urged parents to learn more about the cybersecurity risks associated with education technology and to ask their local districts about how technology is used and student information protected in their schools.
“The US school systems’ rapid growth of education technologies and widespread collection of student data could have privacy and safety implications if compromised or exploited,” the FBI warned in a September public service announcement.
Districts across the region have and are planning to spend tens of millions of dollars on expanding the use of technology in schools. Most districts are pursuing efforts to pair every student with a computer and many have shifted large amounts of classwork to web-based programs. Devices that power the most basic classroom tasks rely on interconnected technologies, and the testing of students both in annual state tests and regular district monitoring has moved more and more onto computers – starting in the youngest grades.
Technology proponents and many educators argue the benefits of technology promise to remake nearly every aspect of education in ways that will better serve each student’s individual needs. Many students also favor increased technology use, digital natives making their way through school systems built in a pre-internet age.
Clint Donovan, a sixth grader at Oneida Middle School, last week highlighted the many benefits of using computers in class.
“It gives use more advantages -- typing not writing,” Clint said when asked for his thoughts on expanding computer use in class. He said it would mean more work and more learning.
But even Clint the sixth-grader had an intuitive sense of the weighty concerns over student use of powerful technologies.
“There could be permission slips for parents to sign to make sure it’s OK,” Clint suggested.
The FBI warning said “malicious use” of student data could lead to “social engineering, bullying, tracking, identity theft, or other means of targeting children.” The announcement also highlighted a 2017 hack of multiple school districts and separate breaches at two large companies in the education technology field, which compromised student data, some of which wound up for sale on parts of the internet.
Data on at least 50 students across five districts in the New York were breached last year when a former employee at Questar Assessment, the company hired to administer the state’s annual tests, viewed student information.
Last week, the Office of the State Comptroller urged the state Education Department to hurry up in implementing July 2017 recommendations auditors made to strengthen protections of key SED computer systems. Auditors in a letter to SED said education officials had not yet adopted policies to “address all aspects of information security.” Education officials said the lack of progress was to blame on a vacancy in the department’s chief information security officer position.
For some parents, the FBI warning this fall was a distillation of many of the concerns they’ve had for years. Tricia Farmer, a parent in the Burnt Hills-Ballston Lake School District, said she has long been worried about the march toward more and more technology in the classroom. She said she fears the role of the teacher is being diminished and that students are missing out on the development of critical and creative thinking skills.
She also pointed to the large number of data points collected by state agencies, as well as local districts, and said she worried parents have lost control over decisions that impact the education their children receive.
“Moving to so much technology, the biggest concern is data security and privacy, and I don’t think any of our districts’ IT departments are really equipped to handle the data component,” Farmer said.
Farmer has a sophomore at Burnt Hills-Ballston Lake High School and a son who graduated last year. Her younger son has had a chromebook as part of his education since eighth grade, she said. She said questions about her concerns are mostly returned with “generic answers” that educators are doing their best to protect student information.
“Districts feel we have to embrace this technology because it will better prepare our students for science and technology fields, but just putting one-to-one devices in their hands all day long is not nurturing their critical thinking skills,” she said.
Administrators are tuned to the threats and concerns around technology use and face rules on both state and federal laws meant to protect student information. But school districts are also less equipped to handle digital risks than many other organizations, so they have to rely on outside support and the work of independent contractors in keeping district networks and student data secure.
“There’s not an area I don’t worry about it,” Schenectady Superintendent Larry Spring said when asked about his technology security concerns. “There’s no area I feel we are totally safe.”
Spring said the district is not staffed with computer scientists who can constantly probe and improve digital security measures, so the district must work with private companies and other organizations.
“Trying to anticipate where we have vulnerabilities, we ask people to help us with that,” Spring said.
Spring said the district has been the target of cyber-attacks -- he suspects mostly broad attacks against many organizations rather than targeted attacks specifically against the district – and that the district works to strengthen its protections based on the lessons of their experience and those of other organizations.