I provided the following testimony to the NH House Education Committee regarding SB320. This bill “provides that no student shall be required to volunteer or submit to a non-academic survey or questionnaire without written consent of a parent or legal guardian.”
I’ve been working in database programming, website development, computer security, and digital marketing for almost thirty years. I can tell you that as surely as the sun will rise tomorrow, there is no such thing as an anonymous electronic survey. I’ve been responsible for securing computer applications, locking down websites, and personally identifying sales leads and prospects from data crumbs. I know how data and security work or, in too many cases, don’t work as planned. I hope my written testimony will convince you that the unnecessary risk posed by these non-academic surveys is not worth whatever reward is purported by their advocates.
Before I discuss the topic of data integrity, security, and anonymity, I do wish to make something clear. Even if the integrity, security, and anonymity of these survey results could be guaranteed, I am opposed to them. I would urge you to support SB320 and my parental rights to reject inappropriate and – more importantly – irrelevant activities that do not directly benefit the educational experience of my child.
Now, let’s assume for the sake of argument that these non-academic surveys are not irrelevant. You might assert that the survey data is protected on the school district’s private computer network. However, gaining access to any computer network is as simple as getting an employee to click on a phishing link in an email. This is exactly what happened in Provo, Utah last year, putting 13,000 students’ and 500 employees’ records at risk. Also, the 5,400-student Mount Pleasant Independent School District in Texas experienced a data breach in 2015 that put 915 former employees’ private information, including Social Security numbers, at risk. Also, Chris Paschke, the director of data privacy and security for the 86,500-student Jeffco public schools in Golden, Colo., said his district’s technology infrastructure is constantly being probed for weaknesses—students getting teachers’ passwords and hacking into the system, phishing links, and denial-of-service attacks, he said. Finally, “Everybody is vulnerable” to cyber attack, said one California school district spokeswoman. “It’s not inevitable, but it certainly is possible.”
Now, let’s assume for the sake of argument that these non-academic surveys are not irrelevant and that every NH school district is impervious to computer hacking. You might assert that the survey data would never be made public. The fact remains that district employees accidentally post data to publicly accessible areas on a regular basis. The private information of about 12,000 D.C. public school students was accidently uploaded to a publicly accessible website, the District’s Office of the State Superintendent of Education announced just last month. Last year, Tewksbury school district accidentally posted private special education student information online that contained a list of the students with out of district placements, and includes other information including a ranking of parents as “cooperative,” “somewhat cooperative,” and “not cooperative.” Even when networks are secure, district employees are human and make mistakes.
Now, let’s assume for the sake of argument that these non-academic surveys are not irrelevant and that every NH school district is impervious to computer hacking and that not a single district employee anywhere in the state of NH would ever make a computer mistake. You might assert that the data is anonymous, after all. The fact remains that in today’s online world, any person with an Internet connection and well-developed sense of curiosity can easily identify a person with little more than a last name, a city of residence, and a birth year. When you add to this perfunctory data set other highly personal questions such as ethnicity, recent grades, school lunch program participation, and 60-day relationship history, you suddenly have enough puzzle pieces for almost any classmate or even highly involved parent to narrow down the field considerably.
Now, let’s assume for the sake of argument that these non-academic surveys are not irrelevant and that every NH school district is impervious to computer hacking and that not a single district employee anywhere in the state of NH would ever make a computer mistake and that one set of answers can only be narrowed to a small group of students. You might assert that an individual student’s privacy is still protected. The fact remains that the data set as a whole will likely reveal personally identifiable information. In fact, a University of New Hampshire survey called “Bringing in the Bystander”, which seeks to address and prevent sexual violence in relationships, was administered to high school students in Andover, MA recently. When parents complained, school district officials insisted that answers could not be linked to an individual student. However, the opening paragraph of the survey explains that they are about to ask a series of questions that will allow them to “connect your answers across time.” This means that they have devised the survey in such as way as to ensure that a given student’s combination of answers would be unique within the data population. Out of thousands of respondents, they are quite sure that the answers to these eight questions will be unique enough for them to track an individual student over time. And it was deliberately baked into the framework of the survey. That, ladies and gentlemen, is the very definition of personally identifiable data.
In conclusion, if you believe that these non-academic surveys are not irrelevant and that every NH school district is impervious to computer hacking and that not a single district employee anywhere in the state of NH would ever make a computer mistake and that one set of answers can only be narrowed to a small group of students and that none of these non-academic surveys would be deliberately designed to ensure unique answers within the dataset, then by all means don’t support SB320. But if you think just one of these things could possibly be true, then you owe it to the parents and students of this state to give them the means to protect their children’s most intimate secrets from those who would do them harm.
Featured image, Paper, courtesy of Steven Guzzardi on Flickr.