Late last month, soon after University of Missouri-Columbia students returned to school from winter break, stories began appearing about the university’s expansion of a program to track student attendance using an app owned by Arick LLC called “SpotterEDU,” which the university previously used in its sports programs.
According to the university, the primary purpose of this app is to validate that students are attending class. The university claims the app saves teaching time by obviating the need for professors to take attendance. Likewise, the university proffered that poor attendance is often “a warning sign for poor grades and future struggles,” so use of this app will allow earlier interventions.
It’s not just the University of Missouri; the app is now employed at nearly 40 schools nationwide — including universities like Syracuse, Auburn, Indiana and Columbia.
As one might expect, students, parents and privacy advocates raised concerns about the use of this Big Brother-like technology, not to mention concern about how the data might be employed down the road, should the university encounter situations where student location information might prove useful.
So, as with many challenges that arise today in the context of balancing between technology and privacy, the primary question is, are the privacy trade-offs worth it?
In all fairness, the Spotter app’s privacy policy does state that the data collected remains the property of the university: “. . . we consider the information we collect in connection with providing attendance and reporting Services to belong to our Institutions.”
Likewise, Spotter’s privacy policy promises to use students’ information only for purposes of providing the services offered by the app and not to sell or otherwise distribute that information for marketing purposes (although they do reserve the right to utilize usage information, as well as deidentified/aggregated data). Like many apps today, however, Spotter works with third party analytic companies, and therefore disclaims responsibility for what those third parties might collect, which could include the personal Information of students who visit the Spotter service. So, while Spotter doesn’t affirmatively share this information with third parties, those parties may be able to help themselves to this smorgasbord of data.
And while it’s true that students have the right to opt-out of using the app, what’s not completely clear is the ramifications to students who exercise this right. For example, are there institutional disadvantages to exercising this right? And how well is this right understood by students?
Perhaps more concerning is that if a student downloads the app and then later changes his/her mind, this may not be enough to protect the student’s privacy. As explained in Spotter’s privacy policy, even if a student turns off the collection of location data through “device settings,” the app “may still be able to collect or infer your approximate location through other information we collect, such as IP address.” So much for exercising choice.
In Spotter’s defense, the app affirmatively commits to retaining student information only for as long as needed to provide the services to the university — as per their agreement with the university — after which it’s destroyed. But this of course begs the question as to what’s in those agreements. Generally speaking, contracts between schools and Ed Tech vendors are not made public, and parents and students have little knowledge of — or control over — how schools and Ed Tech vendors inevitably divvy up and monetize student data.
Finally, while by no means limited to Spotter — or even just student data privacy — a significant question to consider when sharing data with an app is what happens if, or when, the app changes ownership?
In Spotter’s case, in the event of “a transition (such as a merger, acquisition, bankruptcy, . . .), any information owned or under the control of Arick (including, without limitation, your personal Information) will likely be among the transferred assets.” In other words, all bets are off once Spotter is gobbled up, whether by a Facebook, a Google, or an Ed Tech company, any of which could see the student data as the most valuable asset.
Truth be told, at the end of the day the Spotter app is certainly not the most alarming technology in the field of student data privacy today. Nor does it represent the greatest potential threat to student privacy, given the limited amount of personal information collected, the promised limitations on data sharing, and the fact that students conceptually have the ability to opt out.
But it does represent a concerning trend toward the use of technology to track students in ways never before done — or needed. A similar concern was raised last year with regard to the use of the e-Hallpass system to track students going to the bathroom in schools in Loudon County, Va., and Montgomery County, Md.
Looking at this from a data ethics prospective, perhaps we should stop and ask ourselves “why”? Why do we need an app to track student attendance? Is this truly where the largest problems in our education system lie? Are the teacher productivity increases really worth the privacy trade-offs?
Having been an adjunct professor at both a university and now a law school, I can tell you that my biggest concern has rarely — if ever — been the time spent on attendance. Far more often, the biggest chunk of my time is spent on bolstering the writing skills of today’s college and post-graduate students.
Likewise, while I’m all in favor of early intervention for struggling students, one shouldn’t need an attendance app to identify those students. A professor should be able to spot those students though ongoing coursework, quizzes, study sessions, discussion boards, mid-terms, written papers, office hours (real or virtual), etc.
And perhaps most importantly, do we really need — or want — to acclimate our children to thinking that constant surveillance and monitoring is the norm? While I can’t answer for everyone, I’m quite confident of what the answer would be if we were in various provinces of China today or to pose the question to the author of Big Brother himself, George Orwell: it would be a resounding “no.”
Joel Schwarz is a senior principal at Global Cyber Risk, LLC, where he works as a consultant and attorney, and an adjunct professor at Albany Law School, teaching courses on cybercrime, cybersecurity and privacy. He previously served as the Civil Liberties and Privacy Officer (CLPO) for the National Counterterrorism Center and was a cybercrime prosecutor for the Justice Dept. and N.Y. State Attorney General’s Office. He was also counsel on e-commerce and privacy for MetLife.