As a parent of a child who will be entering the Maryland public school system next year, I was troubled to learn that some Maryland public schools are utilizing a program called PalmSecure to scan the palm and vein patterns of our children to pay for school lunches. School officials claim that this system is needed because a palm scan takes less time than asking a child to scan a meal card or utilize old-fashioned cash and coins. While school officials allege that the palm and vein images of our children are not stored, once data are created electronically they are saved in some type of identifiable format that may be utilized in the future for purposes that were never initially imagined.
This is not the first time Maryland school officials have not properly weighed digital privacy issues when making a technology decision that affects our children. In 2010, the Maryland Education Enterprise Consortium (MEEC) entered into an agreement with Google so Maryland K-12 and higher education institutions would be able to provide free access to Google Apps for Education to students. Google provides Maryland students free access to its Gmail, Calendar, Docs, Sites, Video Search and Groups under its agreement with MEEC.
At first glance, MEEC's agreement with Google appears to be an ideal solution to ensuring access to digital educational tools. Maryland students are able to collaborate in a school setting digitally for free. However, after reviewing Google's agreement with MEEC, I found it to be very troubling. I am so bothered by this agreement that I will not allow my children to participate in Google Apps for Education until MEEC renegotiates its agreement to better protect our children's privacy.
One aspect of MEEC's agreement that raises significant privacy concerns is that it enables Google to store and process our children's data in a foreign country. Servers housed overseas may be governed by less stringent privacy laws that may put our children's personal safety and data at risk. For example, our children's homework assignments may be subject to lax privacy laws that parents never imagined because of where Google stores and processes our children's personal information.
Is it acceptable if our children's physical public school records and assignments are stored and processed outside of the United States? If it is not acceptable for public schools to store and process physical public school records and data in storage facilities in foreign countries, then is it acceptable to allow our children's digital school records and personal data to be housed and processed outside of the United States?
Another troubling issue with MEEC's agreement with Google is that it provides schools the ability to turn on behavioral advertising that may serve our children ads based upon their emails, attachments, uploaded videos and digital activity. (Behavioral advertising occurs when a marketer utilizes an individuals' personal preferences to uniquely advertise commercial products to them.) Did Google include the ability for Maryland schools to behavioral-advertise to our children to make it more palatable in the future when our schools may be interested in an easy-to-implement new revenue stream?
Would it be acceptable if a teacher, while reviewing student assignments, captured student preferences and then returned graded projects with coupons for discounted items based upon student work? Or, what if a teacher was paid to provide toy offers to children based upon how they responded to classroom projects? These scenarios may be considered behavioral advertising, so if such activities are not allowed in the "real" world, should Maryland schools have the ability to do this in the digital world?
Of Google's $37.9 billion in 2011 revenue, 96 percent came from advertising. Is Google providing free access to its educational programs in the hopes that one day it will earn advertising revenue from data mining our children's digital school assignments and education-related interactions?
Maryland schools must re-evaluate how they protect student privacy, and they must be more cognizant when making public policy decisions that may put personal privacy and safety at risk.
Bradley Shear, a Baltimore native who works in Bethesda, is a lawyer and advocate for stronger digital privacy protection. His email is email@example.com.