Trust, Because You Can't Verify:Privacy and Security Hurdles in Education Technology Acquisition Practices
0
Sign in to get full access
Overview
- This paper examines the privacy and security challenges faced by education technology (edtech) procurement practices in the United States.
- The researchers investigate how school districts and other educational institutions acquire and evaluate edtech products, focusing on the lack of transparency and accountability around data privacy and security.
- The paper highlights the tension between the need for effective educational tools and the responsibility to protect student data and privacy.
Plain English Explanation
The researchers looked at how schools and school districts in the U.S. buy and evaluate different educational technology (edtech) products, like apps and software. They found that there are a lot of challenges when it comes to making sure these products are keeping student data and privacy safe.
Schools often don't have the time or expertise to thoroughly verify the privacy and security claims made by edtech companies. Instead, they have to rely on trust, even though they can't always be sure the products are as secure as promised.
This is a big problem because student data, like their names, grades, and even personal information, can be sensitive and needs to be protected. But schools are under pressure to use the latest technology to improve learning, even if that means taking some risks with privacy and security.
The paper discusses how this tension between using helpful edtech tools and keeping student data safe is an ongoing challenge for schools and districts. They need to find a way to balance these competing priorities in a way that works for both education and privacy.
Technical Explanation
The researchers conducted a qualitative study to investigate the privacy and security challenges faced by education technology (edtech) procurement practices in the United States. They interviewed 32 individuals involved in edtech acquisition, including school district administrators, technology coordinators, and edtech vendors.
The study found that schools and districts often lack the time, resources, and technical expertise to thoroughly evaluate the data privacy and security claims made by edtech vendors. Instead, they tend to rely on "trust-based" acquisition practices, where they assume the products are secure based on the vendor's reputation or marketing materials, rather than conducting in-depth verification.
This trust-based approach is problematic because it leaves student data vulnerable to potential breaches or misuse. The researchers identified several key hurdles, including:
-
Regulatory Leverage: Schools have limited regulatory leverage to enforce data privacy and security standards, as existing laws like the Family Educational Rights and Privacy Act (FERPA) are often outdated or lack clear enforcement mechanisms.
-
Vendor Opaqueness: Edtech vendors frequently obfuscate or withhold important details about their data practices, making it difficult for schools to assess the risks.
-
Procurement Pressures: Schools face pressure to adopt the latest edtech tools to improve learning outcomes, even if they cannot fully verify the privacy and security claims.
The paper concludes that addressing these challenges will require a multifaceted approach, involving policy updates, improved vendor transparency, and enhanced technical and legal support for schools and districts. The researchers call for greater collaboration between educators, policymakers, and the edtech industry to find solutions that balance the need for effective educational tools with the responsibility to protect student privacy and data security.
Critical Analysis
The researchers provide a well-researched and timely examination of the privacy and security challenges in edtech procurement practices. The qualitative approach, including interviews with key stakeholders, offers valuable insights into the real-world challenges faced by schools and districts.
However, the paper does not delve deeply into the long-term impacts of these privacy and security issues. It would be helpful to better understand the potential consequences for students, families, and the broader education system if the current trust-based approach continues unchecked.
Additionally, the paper could have explored more creative solutions beyond policy updates and improved vendor transparency, such as the role of technological innovations, alternative procurement models, or increased collaboration between the education and technology sectors.
Overall, the researchers have identified a critical issue that deserves further attention and research to ensure that the adoption of educational technologies is balanced with the need to protect student privacy and data security.
Conclusion
This paper sheds light on the significant privacy and security challenges faced by education technology (edtech) procurement practices in the United States. The researchers found that schools and districts often lack the resources and expertise to thoroughly evaluate the data privacy and security claims made by edtech vendors, leading them to rely on a "trust-based" approach that leaves student data vulnerable.
The paper highlights the tension between the need for effective educational tools and the responsibility to protect student privacy and data security. Addressing these challenges will require a multifaceted approach, involving policy updates, improved vendor transparency, and enhanced technical and legal support for schools and districts.
As the adoption of educational technologies continues to grow, it is crucial that policymakers, educators, and the edtech industry work collaboratively to find solutions that balance the benefits of these tools with the imperative to safeguard student privacy and data security.
This summary was produced with help from an AI and may contain inaccuracies - check out the links to read the original source documents!
Related Papers
0
Trust, Because You Can't Verify:Privacy and Security Hurdles in Education Technology Acquisition Practices
Easton Kelso, Ananta Soneji, Sazzadur Rahaman, Yan Soshitaishvili, Rakibul Hasan
The education technology (EdTech) landscape is expanding rapidly in higher education institutes (HEIs). This growth brings enormous complexity. Protecting the extensive data collected by these tools is crucial for HEIs as data breaches and misuses can have dire security and privacy consequences on the data subjects, particularly students, who are often compelled to use these tools. This urges an in-depth understanding of HEI and EdTech vendor dynamics, which is largely understudied. To address this gap, we conducted a semi-structured interview study with 13 participants who are in EdTech leadership roles at seven HEIs. Our study uncovers the EdTech acquisition process in the HEI context, the consideration of security and privacy issues throughout that process, the pain points of HEI personnel in establishing adequate protection mechanisms in service contracts, and their struggle in holding vendors accountable due to a lack of visibility into their system and power-asymmetry, among other reasons. We discuss certain observations about the status quo and conclude with recommendations for HEIs, researchers, and regulatory bodies to improve the situation.
Read more9/6/2024
0
Evaluating Privacy, Security, and Trust Perceptions in Conversational AI: A Systematic Review
Anna Leschanowsky, Silas Rech, Birgit Popp, Tom Backstrom
Conversational AI (CAI) systems which encompass voice- and text-based assistants are on the rise and have been largely integrated into people's everyday lives. Despite their widespread adoption, users voice concerns regarding privacy, security and trust in these systems. However, the composition of these perceptions, their impact on technology adoption and usage and the relationship between privacy, security and trust perceptions in the CAI context remain open research challenges. This study contributes to the field by conducting a Systematic Literature Review and offers insights into the current state of research on privacy, security and trust perceptions in the context of CAI systems. The review covers application fields and user groups and sheds light on empirical methods and tools used for assessment. Moreover, it provides insights into the reliability and validity of privacy, security and trust scales, as well as extensively investigating the subconstructs of each item as well as additional concepts which are concurrently collected. We point out that the perceptions of trust, privacy and security overlap based on the subconstructs we identified. While the majority of studies investigate one of these concepts, only a few studies were found exploring privacy, security and trust perceptions jointly. Our research aims to inform on directions to develop and use reliable scales for users' privacy, security and trust perceptions and contribute to the development of trustworthy CAI systems.
Read more6/14/2024
0
Privacy Checklist: Privacy Violation Detection Grounding on Contextual Integrity Theory
Haoran Li, Wei Fan, Yulin Chen, Jiayang Cheng, Tianshu Chu, Xuebing Zhou, Peizhao Hu, Yangqiu Song
Privacy research has attracted wide attention as individuals worry that their private data can be easily leaked during interactions with smart devices, social platforms, and AI applications. Computer science researchers, on the other hand, commonly study privacy issues through privacy attacks and defenses on segmented fields. Privacy research is conducted on various sub-fields, including Computer Vision (CV), Natural Language Processing (NLP), and Computer Networks. Within each field, privacy has its own formulation. Though pioneering works on attacks and defenses reveal sensitive privacy issues, they are narrowly trapped and cannot fully cover people's actual privacy concerns. Consequently, the research on general and human-centric privacy research remains rather unexplored. In this paper, we formulate the privacy issue as a reasoning problem rather than simple pattern matching. We ground on the Contextual Integrity (CI) theory which posits that people's perceptions of privacy are highly correlated with the corresponding social context. Based on such an assumption, we develop the first comprehensive checklist that covers social identities, private attributes, and existing privacy regulations. Unlike prior works on CI that either cover limited expert annotated norms or model incomplete social context, our proposed privacy checklist uses the whole Health Insurance Portability and Accountability Act of 1996 (HIPAA) as an example, to show that we can resort to large language models (LLMs) to completely cover the HIPAA's regulations. Additionally, our checklist also gathers expert annotations across multiple ontologies to determine private information including but not limited to personally identifiable information (PII). We use our preliminary results on the HIPAA to shed light on future context-centric privacy research to cover more privacy regulations, social norms and standards.
Read more8/20/2024
0
The Role of Privacy Guarantees in Voluntary Donation of Private Data for Altruistic Goals
Ruizhe Wang, Roberta De Viti, Aarushi Dubey, Elissa M. Redmiles
Voluntary donation of private information for altruistic purposes, such as advancing research, is common. However, concerns about data misuse and leakage may deter individuals from donating their information. While prior research has indicated that Privacy Enhancement Technologies (PETs) can alleviate these concerns, the extent to which these techniques influence willingness to donate data remains unclear. This study conducts a vignette survey (N=485) to examine people's willingness to donate medical data for developing new treatments under four privacy guarantees: data expiration, anonymization, use restriction, and access control. The study explores two mechanisms for verifying these guarantees: self-auditing and expert auditing, and evaluates the impact on two types of data recipient entities: for-profit and non-profit institutions. Our findings reveal that the type of entity collecting data strongly influences respondents' privacy expectations, which in part influence their willingness to donate data. Respondents have such high expectations of the privacy provided by non-profit entities that explicitly stating the privacy protections provided makes little adjustment to those expectations. In contrast, statements about privacy bring respondents' expectations of the privacy provided by for-profit entities nearly in-line with non-profit expectations. We highlight the risks of these respective results as well as the need for future research to better align technical community and end-user perceptions about the effectiveness of auditing PETs and to effectively set expectations about the efficacy of PETs in the face of end-user concerns about data breaches.
Read more7/8/2024