Privacy & Security

FBI Raises Alarm on Ed Tech and Student Data Privacy, Security

By Benjamin Herold — September 13, 2018 3 min read
  • Save to favorites
  • Print

The Federal Bureau of Investigation warned Thursday that the rapid proliferation of education technologies in U.S. schools poses privacy and safety risks for children.

“The widespread collection of sensitive information by ed tech could present unique exploitation opportunities for criminals,” according to a public-service announcement issued by the Bureau’s Internet Crime Complaint Center.

“Malicious use of this sensitive data could result in social engineering, bullying, tracking, identity theft, or other means for targeting children,” the FBI advised.

The new announcement cites a wide range of sensitive information collected in schools, including personally identifiable information; biometric data; students’ web-browsing histories, IP addresses, and geolocation; behavioral, disciplinary, and medical information; and academic and classroom data.

Concerns around student-data privacy and security are certainly not new to K-12 schools or the ed-tech industry. In the past year alone, Education Week has reported on concerns over the move to collect information on students’ feelings; worries about student data brokers and voice-activated speakers in the classroom; and a wide range of cyberattacks and security breaches involving schools.

Indeed, other federal agencies have already issued related notices. In February, for example, the Internal Revenue Service released an “urgent alert” about scammers targeting school districts with W-2 phishing schemes. And last year, the U.S. education department cautioned that cyber criminals were targeting school districts.

In its announcement, the FBI specifically warns of “ed tech connected to networked devices or directly to the internet.” That includes “improperly secured take-home devices,” such as laptops and tablets that many schools now give to students. In-school monitoring devices, such as networked security cameras, are also vulnerable, especially if they can be operated remotely, the FBI wrote.

Among those reacting to the alert was the Future of Privacy Forum, a Washington think tank that is behind the voluntary “Student Privacy Pledge” signed by hundreds of ed-tech companies.

The group applauded the FBI’s effort to raise awareness, but cautioned that “most student data disclosures are caused by human error,” and warned that the K-12 sector needs additional resources to combat the growing threats.

“While other industries are investing in greater IT security to protect against cyber threats, many schools are facing budget constraints that result in declining resources for IT security programs,” staff members from the Future of Privacy Forum wrote on their blog. “Schools across the country lack funding to provide and maintain adequate security,” they wrote.

In its announcement, the FBI included a number of recommendations for parents. Among them:

  • Research existing student and child privacy protections of the Family Educational Rights and Privacy Act (FERPA), the Protection of Pupil Rights Amendment (PPRA), the Children’s Online Privacy Protection Act (COPPA), and state laws as they apply to ed-tech services.
  • Discuss with their local districts about what and how educational technologies and programs are used in their schools.
  • Conduct research on parent coalition and information-sharing organizations which are available online for those looking for support and additional resources.

“We’re thrilled the FBI is clearly articulating the many risks associated with ed-tech use in schools, and we’re especially excited to see a recommendation encouraging the public to reach out to parent organizations for information and support,” said Rachael Stickland, the co-chair of the Parent Coalition for Student Privacy.

See also:

Related Tags:

A version of this news article first appeared in the Digital Education blog.