*Co-Author Emmett McGroarty
Much has been written about the dangers of the proposed Strengthening Education Through Research Act (SETRA), especially the bill’s extension of student data-collection to socioemotional data. But parents should realize the broader privacy problems with government-sponsored education “research.”
Student data-privacy is supposedly protected on the federal level by the Family Educational Rights and Privacy Act (FERPA). In 2012, however, the U.S. Department of Education (USED) gutted FERPA via Obama administration regulation. Among other outrages, the new regulation allows USED (and other entities) to take student personally identifiable information they receive from states or educational institutions and redisclose that data to researchers, without obtaining consent from or even notifying the entities that provided the data in the first place.
So as long as someone claims to be doing research “to improve instruction, administer student aid programs, or develop, validate, or administer predictive tests,” and signs an agreement promising with all his heart to protect confidentiality, he has a good shot of getting his hands on personally identifiable student data. The relaxation of FERPA protections creates dangers that highly personal student data will be shared among interested “researchers” – and neither the students nor their parents would have any idea this is happening.
According to data-privacy expert Barmak Nassirian of the American Association of State Colleges and Universities, “’research’ has become the easiest incantation by which virtually anyone could get direct access” to personally identifiable information.
A case in point is presented in a May 2, 2016 announcement from USED that it plans to “offer other federal agencies and affiliated researchers data access to conduct research that can inform and advance policies and practices that support students’ postsecondary success and strengthen repayment outcomes for borrowers.” Highly sensitive financial information about students and their families will be opened up to other government agencies to allow them to “match administrative student aid data files with other survey and administrative data . . . .”
The first researchers who will rummage around in this personal data will be those from the Federal Reserve Board. Name a single student who thought that by applying for a student loan, he was agreeing to have his sensitive information shared with the Fed – or “other federal agencies.”
As Mr. Nassirian observes, “there are some serious legal issues here, specifically with regard to data-matching.” It’s not clear under what authority these multiple federal entities may match and combine their data files to create new, more intrusive files on individuals who never consented to that. After all, federal law still prohibits (theoretically, although the Administration has labored to evade the restrictions) maintenance of a national student database. So is the mere existence of such files even legal?
USED isn’t concerned with minutiae such as legality. Moreover, it promises to “ensur[e] safeguards are in place to protect the privacy of students and families.” But that commitment rings hollow in light of USED’s scandalous data-security deficiencies exposed during a congressional hearing last November.
As testified by an official from the Office of the Inspector General (OIG), “During our testing . . . OIG testers were able to gain full access to the Department’s network and our access went undetected by Dell [the vendor] and the Department’s Office of the Chief Information Officer.” She also testified that USED “is not heeding repeat warnings from the Inspector General (IG) that their information systems are vulnerable to security threats.”
Do USED bureaucrats understand the term hutzpah?USED is called out for egregious failures in protecting sensitive student and family data, but instead of committing to fix the problem and actually, well, fixing the problem, USED breezily announces that it will throw open the gates to practically anyone who calls himself a researcher. As Clinton staffers in the 90’s were said to have held pizza parties to read through political opponents’ FBI files, maybe DC bureaucrats from multiple agencies can gather to combine each other’s files in fun and creative ways.
But, USED would argue, look at all the great information we can get to craft our policies if we mine the data for all its secrets! Maybe, maybe not. But that point is simply irrelevant. No, Secretary King, you do not have the right to hand over my child’s personal information to the Federal Reserve or the Department of Health and Human Services or anyone else. The ends do not justify the means. If you want my cooperation, ask me for it. Otherwise, scrap the Big Brother routine and respect your boundaries.