Thursday, July 31, 2014

U.S. Protecting Student Privacy Act Needs More Teeth

The bipartisan "Protecting Student Privacy Act" was introduced yesterday by Senators Edward J. Markey (D-Mass.) and Orrin Hatch (R-Utah) and according to the bill's press release, it "would help safeguard the educational records of students" because, "[r]ecent changes to the Family Educational Rights and Privacy Act (FERPA) have allowed for increased sharing and use of student data in the private sector."  As part of the rationale behind the need for the legislation it is mentioned that, "one survey found only 25 percent of districts inform parents of their use of cloud services and 20 percent of districts fail to have policies governing the use of online services."

FERPA needs to be updated to account for the technological advancements that have occurred in the Digital Age.  The law was enacted in 1974 when student educational records were mostly created by pen and paper and/or typewriter and stored in a school administration filing cabinet or in a teacher's notebook or classroom closet.  At that time, in general, only teachers and school administrators had access to a student's educational records. 

Since the 1970's, advancements in technology have changed the way teachers interact with students, parents, and legal guardians. When I was attending elementary, middle, and high school throughout the 1980's, the primary form of communication between teachers and students/parents was via in-person meetings, paper letters, and/or phone calls.  In contrast, the primary form of communication between my children's teachers and my wife and I occurs via digital platforms. 

As a parent, I watch my children play and learn with electronic devices on a regular basis.  Even though my children watch television as I did at their age, they are becoming more interested in utilizing educational websites and digital device apps.  Some of these platforms have helped them learn language skills, math, geography, history, etc....With more school districts beginning to provide students digital devices, the privacy and cyber safety issues inherent with the usage of these electronic platforms are becoming more apparent. 

According to Politico, "[m]any of the latest digital tools (i.e. email, apps, cloud services, online textbooks, etc...) collect vast amounts of “metadata” as students work online; the sites track academic progress and log information about the child’s location, computer equipment and browsing habits. Most of that data never finds its way into official school files and thus is unlikely to be considered an “educational record.” That means private companies are free to do what they want with it."  This is very alarming considering that when Kathleen Styles, the Chief Privacy Officer of the Department of Education was questioned about these issues she stated that "[a]lot of metadata won't fit as an educational record."    

Due to all of the personally identifiable student information included in emails, apps, online textbooks, web browsing history and other digital activities (i.e. metadata) students may create while utilizing school provided digital services and learning tools, it is imperative that FERPA is updated to ensure that our children and future generations receive the same privacy protections we enjoyed while we attended school.  Should colleges, potential employers, insurance companies, etc... be allowed to access student scholastic digital communications and make hiring, firing, and policy decisions based on this information?  Should advertisers be allowed to prey upon (via behavioral advertising) students based upon their student-teacher and/or student-student digital communications?

It is very troubling that the Software & Information Industry Association (SIIA) continues to refuse to acknowledge the dire need for stronger digital privacy laws to protect our students despite clear and convincing evidence that FERPA does not properly protect our children's privacy in the Digital Age.  During a June 25, 2014 hearing on Capitol Hill Professor Joel Reidenberg presented Fordham Law School's Center on Law and Information Policy's seminal cloud computing study findings that demonstrated some cloud computing vendors are negotiating agreements with schools that put our students personal privacy at risk.

In addition to Prof. Reidenberg's study, Education Week and Politico performed recent in-depth investigative reports regarding the need for FERPA to be updated to better protect student privacy. These investigations found that when provided the opportunity some educational technology vendors will abuse their access to student data for profit.  For example, Education Week exposed Google's practice of scanning student emails for behavioral advertising purposes and Politico found multiple other educational technology companies that had similar troubling privacy practices and/or policies (or none at all) that enabled similar abuses of personal student data.  

Since Congress has not addressed these issues until now, states across the country have introduced and enacted more robust student data protection laws to address the privacy concerns that FERPA was not designed to protect.  For example, Kentucky and Rhode Island are some of the states that have acted to better protect our children from entities that may abuse their access to student educational digital data.     

While it is a very positive development that states are acting to better protect student privacy, it may be most efficient if robust federal legislation is enacted.  I commend Senators Markey and Hatch for introducing the Protecting Student Privacy Act and making student privacy an important bipartisan issue during these very partisan times on Capitol Hill.

The introduction of the Protecting Student Privacy Act is a good first step; however, it needs to be amended to have the intended effect of updating FERPA to account for the Digital Age.  For example, the bill needs to expand the definition of educational records to include student emails and digital metadata created on school provided services, platforms, and equipment.  Under FERPA, there is no private right of action against companies that utilize student data for non-educational purposes. To be truly effective, the legislation must hold vendors legally accountable and allow for a private right of action against those entities that violate the law. 

To paraphrase Hilary Clinton, it takes a village to protect our students' personal privacy.  Absent more robust federal student privacy laws, parents may soon come out in force against utilizing innovative digital learning tools and services.  It is imperative that Congress pass stronger student privacy laws that have strong enforcement mechanisms so students, parents, and teachers feel safe utilizing new learning tools that will help our students compete in the global economy.    

Copyright 2014 by Shear Law, LLC All rights reserved.

Friday, July 18, 2014

Social Media Evidence May Determine Who Shot Down Malaysian Plane

It appears that a Malaysian passenger jet may have been mistakenly shot down in the skies above territory that is in dispute between Ukraine and Russia.  USA Today is reporting that rebels who may be backed by Russia may have arms capable of downing a passenger jet that is flying 20,000+ feet in the sky.

Photos of the tragedy have appeared online and it leads me to believe that the crash site may become contaminated. In this hyper-sensitive and viral world everything posted online about this tragedy is put under a microscope.  For example, American Pie actor Jason Biggs Tweet “Anyone wanna buy my Malaysian Airlines frequent flier miles?” was deemed so offensive by the Internet community that he ended up issuing an apology after it went viral. 

Entertainers and politicians do not have a monopoly on regretting their online posts.  According to AFP, it appears that some Pro-Russian insurgents may also have itchy social media fingers because some of their online postings boasting about downing an airplane around the same time/place that the Malaysian jet went down have now been deleted.  Since the crash site may become contaminated will social media become crucial evidence in determining who shot down the Malaysian passenger jet? 

Copyright 2014 by Shear Law, LLC.  All rights reserved.

Wednesday, July 9, 2014

Porky's Fan? VA Prosecutor Requests Warrant To Photo Sexting Teen's Erect Penis

An article in the Washington Post alleges that Manassas City police and Prince William County prosecutors want to take photos of a teenage suspect's erect penis as evidence to prosecute him for sexting with his girlfriend.  In order to photograph the suspect's erect penis he may be required to go to a hospital and receive an injection to create an erection.

It appears that the case began when the suspect's (he is 17 years old) 15 year old girlfriend sent photos of herself to the 17 year old, who responded by sending the 15 year old girl allegedly pornographic images of himself.  The family of the girl notified authorities about the matter.  Interestingly, prosecutors did not file charges against the girl.   

This case reminds me of the movie Porky's when physical education teacher Ms. Balbricker asks the high school principal if he would sanction a penis (tallywacker) lineup of several students so she can identify which student stuck his penis through a peep hole in the girl's bathroom.  Ms. Balbricker claims she can identify the offending student's penis because it contains a distinctive mole.  In the movie, the request for the penis line up was denied. 

Was the prosecutor's troubling request inspired by Porky's?  As a parent of two young children, I am outraged by the actions of the police and prosecutors in this matter.  What happened to educating our kids about the dangers of sexting?  Why are prosecutors utilizing public resources to try to photograph a teenager's erect penis? 

My hope is that prosecutors and judges across the country realize that this is the wrong way to deal with sexting by teenagers.

Copyright 2014 by Shear Law, LLC.  All rights reserved.

Monday, July 7, 2014

Social Media Posts Lead To Firing of TV and Radio Personalities

Last month, Travel Channel personality Adam Richman made some very disturbing posts that led to his upcoming new show being postponed indefinitely.  Talk show host Anthony Cumia of Sirius was fired from his radio show last week for a series of allegedly racists Tweets.  Both of these incidents occurred "off the air" during personal time but they had negative employment consequences.

Social Media is not the panacea that some business consultants claim.  Too many self styled "social media consultants" advise their clients to pump out content on multiple platforms 24/7.  On a regular basis, clients ask me about the legal, business, and reputation related issues surrounding disturbing social media posts.  Unfortunately, I am usually contacted after a "social media consultant" has already provided career killing advice or inadequate training.

If one feels the need to respond to Tweets (or other types of posts) or get into a Facebook discussion with others, the amount of information/content posted should be limited since it may be utilized against you forever.  Yes, forever!  Any postings may be submitted as evidence in a court of law or may be used in the court of public opinion to destroy your career so less is usually more.  I have never had a client tell me he or she regretted not Tweeting more or posting a longer Facebook response.

Copyright 2014 by Shear Law, LLC.  All rights reserved.

Sunday, July 6, 2014

EPIC Files FTC Complaint over Facebook's Emotion Study

The Electronic Information Privacy Center (EPIC), a privacy advocacy group that has been performing great work for 20 years filed a complaint with the FTC alleging that Facebook's emotion study "deceived its users and violated the terms of a 2012 FTC consent decree."  The complaint was filed right before the July 4th holiday weekend. 

Facebook's refusal to issue an immediate apology regarding this issue demonstrates once again that the company is tone deaf when it comes to user privacy.  I have documented Facebook's troubling position regarding digital privacy time and time and time, etc...again. 

When I initially stated that Facebook's emotion study may have violated Facebook's FTC consent agreement early in the day on 6/30/14, I didn't see any other published articles mentioning this possibility.  Soon after I posted my article, Forbes reported that Facebook changed its terms to allegedly allow user data to be utilized for "research" purposes 4 months after the study was completed.

There are many users, technologists, and members of the media who are drinking the Silicon Valley Cool-Aid and defending Facebook's (and other companies) troubling practices because privacy policies, along with terms of use, and data use policies are written so broadly in the hopes that the language allows for any type of data usage and/or manipulation.  Just because one agrees to a troubling privacy policy/terms of use/data use policy clause in an agreement, that doesn't mean a court of law will automatically rule that the policy is legal and enforceable.   

The common law blue pencil doctrine is utilized when contract clauses are ruled to be unreasonable and violate public policy.  This doctrine enables courts to strike troubling clauses from executed agreements.  Is it time for the courts to start "blue penciling" unreasonable privacy policies, terms of use, data use policies, etc...? 

If some Silicon Valley companies don't start changing their data collection and usage practices it would not surprise me if the courts start flexing their blue pencil muscles to protect the personal privacy and safety of citizens in the Digital Age. 

Copyright 2014 by Shear Law, LLC.  All rights reserved.