In 2022, student privacy gets a solid “C” grade. The trend of schools engaging in student surveillance did not let up in 2022. There were, however, some small wins indicative of a growing movement to push back against this encroachment. Unfortunately, more schools than ever are spying on students through EdTech software and other means.
In an important decision by a federal judge, a remote proctoring “room scan” by a public university – Cleveland State University in Ohio – was deemed an unreasonable search under the Fourth Amendment. “Room scans,” where students are forced to use their device’s camera to give a 360-degree view of everything around the area in which they’re taking a test, are one of the most invasive aspects of remotely proctored exams. Often, these scans are done in a personal residence, and frequently a private space, like a bedroom.
The district court recognized that room scans provide the government (public schools are government entities) with a window into our homes—a space that “lies at the core of the Fourth Amendment’s protections” and long-recognized by the Supreme Court as private. There are few exceptions to this requirement, and none of the justifications offered by the university—including its interests in deterring cheating and its assertion the student may have been able to refuse the scan—sufficed to outweigh the student’s privacy interest in this case. Though this decision isn’t binding on other courts, any student of a state school hoping to push back against room scans in particular could now cite it as persuasive precedent. The school is expected to appeal to the Sixth Circuit.
EFF began looking more closely at student activity monitoring software, which is basically indistinguishable from spyware, and is used to filter, block, and flag vast amounts of student activity on their school-issued, and sometimes personal, devices. We already know that the machine learning algorithms in this software that filter, flag, and block content routinely misclassify any LGBTQ+ content as “Adult” content. We know that Securly flags “Health” sites (like WebMD) as “needs supervision,” andGoGuardian blocks access to reproductive health materials. It isn’t difficult to see the harms that will occur as more anti-trans laws pass and the legal right to abortion is overturned: students who use their devices to research topics such as trans healthcare or abortion-related material could find those devices weaponized against them, potentially resulting in criminal charges. Moreover, there are already examples of these apps outing LGBTQ+ students.
In 2021, we fought an uphill battle against schools such as Dartmouth, whose administration unjustifiably accused students of cheating based on a misinterpretation of data from Canvas, a “Learning Management Software” (LMS) platform that offers online access to class material. . Though the Dartmouth administrators backed down, we’ve heard from multiple students at other schools with similar issues since then. To continue educating schools on the inaccuracy of LMS activity logs, we called on both Canvas and Blackboard to put clearer disclaimers on their log data and publicly defend any student accused of misusing these platforms based on similar data misinterpretations. We asked schools to remove any marks on any student records that were based on LMS data, and make a clear policy not to use it in the future. We will continue to call for these changes; schools still over-value the reliability of these logs, and though Canvas and Blackboard have confirmed to us or on their sites that they do not recommend using them for disciplinary investigations, they have not made these disclaimers clear.
Although many students have gone back to in-person learning, remote proctoring is still a concern because we don’t believe it is going away. Along with Privacy Rights Clearinghouse, we sponsored legislation in California, the Student Test Taker Privacy Protection Act (STTPPA), that would have directed proctoring companies to follow reasonable data minimization practices, meaning they cannot collect, use, retain, or disclose test takers’ personal information except as strictly necessary to provide proctoring services. With STTPPA codified into law, if a student’s data was processed beyond what was required to proctor the exam, the student would have the opportunity to take the proctoring company to court. Unfortunately, this bill was weakened before it was signed into law, and it no longer offers individual students the right to bring suit against companies for violations. EFF dropped our support of the bill, because we believe strongly that a private right of action is necessary for consumer privacy laws such as this to have teeth.
In another remote proctoring fight, EFF client Erik Johnson, a Miami University computer engineering undergraduate, reached a settlement in the lawsuit we brought on his behalf against exam surveillance software maker Proctorio, in a victory for fair use of copyrighted material and people’s right to fight back against bad faith Digital Millennium Copyright Act (DMCA) takedowns used to silence critics. Johnson, who is also a security researcher, sued Proctorio after it misused the copyright takedown provisions of the DMCA to remove his comments about security flaws with the service that he posted on Twitter. Under the settlement, Proctorio dropped its copyright claim and other claims it had filed blaming Johnson’s advocacy for damaging its reputation and interfering with its business. In return, Johnson dropped his claims against Proctorio. Johnson’s tweets, which were restored by Twitter through the DMCA’s counter-notice process, will remain up.
In an expansion of our student privacy advocacy, EFF also honed in on young students—those in daycare. EFF’s investigation found early education and daycare apps have several troubling security risks, and in addition to detailing these flaws, we also urged the Federal Trade Commission to look into the issue. Learn more about our fight to improve daycare app privacy in 2022.
We have big plans for the coming year’s fight to protect student privacy, and look forward to further highlighting the problem of student activity monitoring software, in particular. For now, if you’re interested in learning more about protecting your privacy at school, take a look at our Surveillance Self-Defense guide on privacy for students.
This article is part of our Year in Review series. Read other articles about the fight for digital rights in 2022.
Last year, several parents at EFF enrolled kids into daycare and were instantly told to download an application for managing their children’s care. These applications frequently include notifications of feedings, diaper changes, pictures, activities, and who picked-up/dropped-off the child—potentially useful features for overcoming separation anxiety of newly enrolled children and…
Yesterday, nearly 100 organizations have asked Congress not to pass the Kids Online Safety Act (KOSA), which would “force providers to use invasive filtering and monitoring tools; jeopardize private, secure communications; incentivize increased data collection on children and adults; and undermine the delivery of critical services to minors by…
SAN FRANCISCO—The Federal Trade Commission must review the lack of privacy and security protections among daycare and early education apps, the Electronic Frontier Foundation (EFF) urged Wednesday in a letter to Chair Lina Khan.Daycare and preschool applications frequently include notifications of feedings, diaper changes, pictures, activities, and which guardian…
Online proctoring companies employ a lengthy list of dangerous monitoring and tracking techniques in an attempt to determine whether or not students are potentially cheating, many of which are biased and ineffective. This week, one of the more invasive techniques—the “room scan”—was correctly deemed unconstitutional by a…
Last year, several parents at EFF enrolled kids into daycare and were instantly told to download an application for managing their children’s care. Daycare and preschool applications frequently include notifications of feedings, diaper changes, pictures, activities, and which guardian picked-up/dropped-off the child—potentially useful features for overcoming separation anxiety of newly…
Spyware apps were foisted on students at the height of the Covid-19 lockdowns. Today, long after most students have returned to in-person learning, those apps are still proliferating, and enabling an ever-expanding range of human rights abuses. In a recent Center for Democracy and Technology report, 81 percent of…
Too many young people – particularly young people of color – lack enough familiarity or experience with emerging technologies to recognize how artificial intelligence can impact their lives, in either a harmful or an empowering way. Educator Ora Tanner saw this and rededicated her career toward promoting tech literacy and…
School digital environments are increasingly locked down, increasingly invasive, and increasingly used for disciplinary action. This has never been more troubling than during the pandemic, with schools adopting remote proctoring and surveillance tools at alarming rates and entering students’ homes via school-issued and personal devices. As students have tried to…
EFF client Erik Johnson, a Miami University computer engineering undergraduate, reached a settlement in the lawsuit we brought on his behalf against exam surveillance software maker Proctorio, in a victory for fair use of copyrighted material and people’s right to fight back against bad faith Digital Millennium Copyright Act (DMCA)…
Putting children under surveillance and limiting their access to information doesn’t make them safer—in fact, research suggests just the opposite. Unfortunately those tactics are the ones endorsed by the Kids Online Safety Act of 2022 (KOSA), introduced by Sens. Blumenthal and Blackburn. The bill deserves credit for…
Back to top
