Roseville City School District Embraces Chromebooks, But At What Cost?
A Case Study of a California Father Fighting His Daughter’s School District Over Digital Privacy
Katherine W. was seven years old, in the third grade, when her teacher first issued Google Chromebooks to the class.
Katherine’s father, Jeff, was concerned. It wasn’t because he had a problem with technology. In fact, Jeff and his family are technology enthusiasts. “We bought a house in this area primarily because of the school district. And one of the things that excited us about the school was the use of technology,” Jeff explained during a recent interview with EFF.
That enthusiasm waned when the school retired its former laptops and brought in Chromebooks for the students instead, also assigning each third grader a profile in Google Apps for Education, Google’s cloud-based education suite. Chromebooks may have been cheaper, but Jeff feared they might come at the cost of his daughter’s privacy.
Roseville City School District, near Sacramento, is one of the many districts now issuing mobile digital devices to students. In fact, one study estimates that nearly a third of middle and high school students in the United States are using mobile devices like laptops and tablets issued by their schools.
When Jeff learned about the Chromebooks being offered to third graders, he acted quickly and was able to negotiate with his daughter’s teacher so she could use a different computer and not have to use a Google account. But as third grade came to a close, Roseville City School District made clear that there would be no exception made the next year.
The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects students’ “educational records,” including personally identifiable information. The data that students often use to log into a Chromebook or Google Apps for Education—like name, student number, and birthday—is covered by FERPA. Under FERPA, this data generally can’t be shared with third parties—including Google—without written parental consent.
But Roseville City School District never sought written consent from Jeff or his wife. The district provided no details about the types of devices students would be required to use or the data that would be collected on students. Rather than allowing Jeff to sign his daughter up for the Chromebook program, the district consented on his behalf, making the device mandatory for Katherine—with no ability to opt out.
Many people—including Jeff—assumed that the law would prevent Google from collecting data on his daughter for advertising purposes. But the truth is more complicated. While Google is legally forbidden from creating a profile on Katherine when she’s using the school-sanctioned Google Apps for Education tools (which include email and document sharing), it can collect data as soon as she uses other Google services that aren’t part of the student-specific suite—including YouTube.
This means that Katherine is required by the school to use Google with a personalized Google Account, and Google can create a profile of her and use it for advertising purposes the moment she clicks away from the Google Apps for Education suite.
But it’s even worse. When schools issue Chromebooks, Google’s browser Chrome comes with Chrome Sync turned on by default. So instead of storing sensitive data—like browsing history—locally on the device, Chrome syncs that data to the cloud and allows Google to collect and indefinitely store sensitive data about students’ use of Chrome to browse the Web.
With EFF’s guidance, Jeff started a dialogue with the Roseville City School District over the summer to try to resolve the issue before his daughter started fourth grade. He emailed the district superintendent, the principal, and the technology director, outlining his concerns. Jeff even offered to buy a different laptop for his daughter, but the school refused. Finally, after several emails and a tense meeting later, the district agreed to provide Jeff’s daughter with a non-Google option for fourth grade—but once again declared that such an accommodation would not be possible for fifth grade.
That’s when EFF reached out to the district. Our legal team drafted a letter to the Roseville City School District to outline the privacy concerns associated with school-issued Chromebooks. The letter urged the district to permit “all students – if their parents so decide – to use alternative devices, software and websites, for the upcoming school year and every year.” The district refused to meet with us to discuss the issue.
For Jeff, the biggest concern isn’t just the data Google collects on students. It’s the long-term ramifications for children who are taught to hand over data to Google without question. It’s normalizing the next generation to a digital world that’s less private by default, and built on proprietary software.
As Jeff explained it, “In the end, Google is an advertising company. They sell ads, they track information on folks. And we’re not comfortable with our daughter getting forced into that at such an early age, when she doesn’t know any better.”
Learn more about the privacy problems of school-issued digital devices. Are you a parent, teacher, or school administrator concerned with the privacy risk of school-issued devices? Tell us about it.
Image courtesy Jeff W.
Recent DeepLinks Posts
Jan 23, 2017
Jan 23, 2017
Jan 23, 2017
Jan 19, 2017
Jan 19, 2017
- Fair Use and Intellectual Property: Defending the Balance
- Free Speech
- UK Investigatory Powers Bill
- Know Your Rights
- Trade Agreements and Digital Rights
- State-Sponsored Malware
- Abortion Reporting
- Analog Hole
- Anti-Counterfeiting Trade Agreement
- Artificial Intelligence & Machine Learning
- Bloggers' Rights
- Border Searches
- Broadcast Flag
- Broadcasting Treaty
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- Defend Your Right to Repair!
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA Rulemaking
- Do Not Track
- E-Voting Rights
- EFF Europe
- Electronic Frontier Alliance
- Encrypting the Web
- Export Controls
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2016 Copyright Review Process
- Genetic Information Privacy
- Government Hacking and Subversion of Digital Security
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- International Privacy Standards
- Internet Governance Forum
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- Mobile devices
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- Offline : Imprisoned Bloggers and Technologists
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- Reclaim Invention
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Shadow Regulation
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- Student Privacy
- Stupid Patent of the Month
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- TPP's Copyright Trap
- Trans-Pacific Partnership Agreement
- Travel Screening
- Trusted Computing
- Video Games