Wednesday, November 27, 2013

Long Island Data Breach of 15,000 Students' Data Should Send Shudders in inBloom-Wary Parents

*Tech experts not confident with data cloud security  *School boards developing discipline score to feed to colleges *Data breach is third for the Sachem district *Where does deBlasio stand on inBloom?

Not making the headlines of major media was the breach of approximately 15,000 student records in 18 elementary, middle and high schools in the Sachem school district in Suffolk County, Long Island, New York a couple of weeks ago. In fact, briefly, confidential information was posted on an external website "Sachem Unspun", as reported on the News 12 television station. A Holbrook 17 year old was arrested on November 22 in connection with the hacking of student data. For parents and other activists, this incident should serve as a matter of concern as to whether families can school systems can rest assured that student records wold be secure. That this has happened, even before the ambitious aggregation and indexing of data under inBloom, is a matter of concern for the security of future databases.

InBloom -New York is the "non-profit"'s last committed client after the pledged states originally peaked at nine states (see this article for the list of the original states). As a Statewide Longitudinal Data System (a student database) it is dictated by Obama and Arne Duncan's Race to the Top. InBloom has 400 data points, lots of private student information that could be potentially misused in leaks or hacking.

New York Board of Regents Chancellor Merryl Tisch summarily dismissed Regent Roger Tille's concerns that she was too close to Joel Klein, that it led to favoritism in the New York State Education Department's contract with Rupert Murdoch's Wireless Generation (today WG's unit tending to inBloom is renamed Amplify, as Andrea Gabor reported in "Will Rupert Murdoch's Media Empire End Up Owning Your Child's Student Data?"), the company handling inBloom; education commissioner John King dismissed no-bid contract concerns about the deal, saying that New York was under time pressure from Race to the Top deadlines. InBloom represents a big project objective of the shadowy, unaccountable Regents Fellows that set NYS education policies behind the scenes. The King-Tisch duo, deaf to parent security concerns, are being consistent with their tone of contemptuous disregard for parent, educator and student opinion on Common Core. See the videos at the right on parent and student reactions to the Common Core and their test regimen. Their tests data will be a central data point in the inBloom database.

Yet, the recent Sachem district breach was actually the third such breach of the district's student records. In fact, inBloom's own site carries a disclaimer against liability for student data safety: "[inBloom] cannot guarantee the security of the information stored…or that the information will not be intercepted when it is being transmitted.” In fact, information technology security professionals are not confident with the security of cloud storage of sensitive data, as Leonie Haimson reported in an op-ed contribution to the Daily News. Amazon is the commercial entity from which inBloom is renting the cloud storage for the data.

Is it that urgent that inBloom be imposed on the people of New York State? Consider the variety of ways that the data could be misused. From bullying to extortion, it is risky to have so much data that could be stored in clouds, information that could be exploited. We have already seen how seen how many fragile many teens are, in the face of cyber-harassment, a number of students have taken their own lives. Are taxpayers comfortable with prospect of footing legal bills when parents (understandably) sue the state or districts following breaches of student data security? And never forget how Murdoch's News of the World was engaged in scandalous hacking of people's private information, as revealed in press reports last year? See this video in which New York State superintendents themselves say that many of the 400 data points have little relation to assisting students with learning.

November 21, 2013 from SC magazine:

Data breach of Long Island school district affects thousands of students


Roughly 15,000 students enrolled in 18 Long Island elementary, middle and high schools – comprising the Sachem School District – may have had personal data compromised by an unidentified individual who posted the information on an online forum.

How many victims? Roughly 15,000.
What type of personal information? Posted on the forum was a list of 15,000 names with student ID numbers and school lunch designations, student records on 360 students who graduated Sachem High School East in 2008, and a report relating to approximately 130 students who attended Sachem High School North who were receiving instructional services in an alternate setting in the 2010-2011 year, the district confirmed.
On a separate forum, a concerned user posted about having seen medical records, doctor's letters, report cards, district registration documents that include names, addresses, dates of birth and parent information, and disciplinary records.
What happened? On separate occasions, student documents were posted on an online forum by someone who claimed the Sachem School District database had been hacked.
What was the response? Sachem School District audited its firewalls and intrusion detection systems. The website that hosted the forum has been contacted and has removed any posts containing school data. The school district is mailing letters to affected families. An investigation is ongoing with local and federal law enforcement.
Details: Sachem School District first became aware in July that school documents were being posted online. An official investigation into the schools' firewalls and intrusion detection systems revealed that a breach did not originate from the outside. Additional information was posted online in August and again a breach was not deemed to have originated from the outside. Student information was posted most recently on Nov. 8.
Quote: “The district has devoted every available resource to cooperate with and to assist law enforcement,” according to a post on the Sachem School District website. “Access to student records is an important daily internal function of any school district. This is a necessity, but can unfortunately render our data vulnerable to a determined criminal actor willing to misuse access to our systems.”

Source: sachem.edu, “Regarding the theft of student data,” Nov. 19, 2013
The bipartisan "Moms Against Duncan" Facebook group ("a NONPARTISAN, NONPOLITICAL, PRO-PUBLIC EDUCATION, ANTI-COMMON CORE place for parents to connect, find local groups and actively fight for their children" --caps in original) had this statement in recent weeks. It gets to concerns about the ultimate governmental and commercial uses of student personal data:
As the co-founder of MAD (Moms Against Duncan) we are linking groups of parents all over this country together. Our ultimate goal is a 10% standardized test opt out rate in every school K-8. We will corrupt the data so it is useless. No school scores, no teacher scores, no student scores. No databases, no prison planning data, no economic development data. Pearson, Gates and Duncan can kiss our multicolored backsides. Our children are NOT data. We want all this wasted money back in the hands of our teachers.
Patrick Sullivan, noted for his civic integrity on New York City's Panel for Educational Policy, drew attention this week to how the New York State School Boards Association is planning to develop an "inBloom score" on student to inform colleges on how students behaved in school. The school board's plan is troubling, because many students grow up to be responsible and academically proficient in college, despite having discipline issues in their school careers as minors. It is for this issue that student discipline records until recently have been sealed, off-limits after graduation.

deBlasio, Which Side Are You On?
[Postscript: NYC Public School Parents has a piece on the opposition in Chicago against the inBloom system. Leonie Haimson wrote on how Herricks Superintendent John Bierwith reported that all the Nassau superintendents are solidly against inBloom, “I don’t think there’s a person in Nassau County who thinks InBloom is a good idea." . So, how do things stand for next year in New York City? "Which Side Are You On?" Will de Blasio's chancellor support or oppose inBloom? Also, will deBlasio disband the private arm working inside of New York City education that Haimson referred to, Fund for Public Schools, that just in last year received $1.8 million from the Gates Foundation? We do not need the continuation of private, unaccountable operations setting government policy.