LearnerPrivacy.org
LearnerPrivacy.org
Welcome to LearnerPrivacy.org #001
I look at the last 20 years of progress in educational technology and while have made great strides in improving interoperability, we have moved from having each campus 100% maintaining possession their learner's private data to the point where the there is no learner private data under the direct control of many universities. Private student data is often spread across 15 or more vendor systems. It is time to understand and explore the trade off of outsourcing student identity and private learning data to third party vendors. This is a problem that is 20 years in the making - it will take some time to get to a better place in the educational technology marketplace with respect to protecting learner privacy data. Music: Peacefully by E'S Jammy Jams
[inaudible]
Speaker 2:hello and welcome to the first learner privacy.org podcast. My name is Charles severance and I'm your host for this podcast. So I want to get a few things straight right up front. First off, I'm not a privacy expert. I'm not doing this podcast from the point of view that I somehow know everything. And I'm just going to tell you, I am a teacher. I'm a software developer. I cared deeply about privacy in terms of my students and in the software that I developed. So what I'm hoping this podcast is going to do is to educate all of us a little bit about the consequences of a poor approach to privacy. Another thing that's important to talk about is some of the problems, the rampant leakage of data caused by integrations. Um, it's my fault. I have spent 15 years trying to improve integrations and learning management systems and, and I'm really proud of that work, but ultimately, you know, it, it leaks data. And so we solved a technical problem and we have privacy built into those standards, but not everybody uses that privacy. And, and so we've got to, we gotta get to the point where, uh, customers of software value privacy. And, and the funny thing is if I look back across the past 20 years, we started out inadvertently in a situation where privacy was assumed. Learning management systems have been extremely private and that's because in 2000, everybody had their own learning management system and it ran on campus hardware and it, people maintained it vendors developed it companies like Blackboard and web CT, which were really based on commercialized academic software gave us software that we run on our campuses. And, and so privacy was great. And we just took it for granted that if you were in a learning management system, that the data, the communications you would have, the homework you turn in, would stay in that system. And it would stay in the possession of the university. The problem with those systems. And part of the reasons I got involved in this is interoperability. That is that you had to do something quite special for Blackboard, something completely different for web CT and every product in the marketplace had their own plugin format. Now, when Sokai was founded, I was one of the founding members of psychiatry, 2004. Our stated purpose was to bring order to that, to bring order to the interoperability world. And people started coming to Sockeye in 2004, 2005, 2006, and that kind of scared the established companies. And so they came to the table and Sockeye led the way in building standards, like learning tools, interoperability, and common cartridge and others. And ultimately, I mean, to some degree, just to Kai's detriments, a kind, never really gained all that much market share, but we influenced everybody else. And so by 2008, 2009 learning tools, interoperability was pretty universal, but Sockeye and Moodle were also imitating Blackboard in web CT. And that they just gave you software to run on your campus. And so, as we had learning tools, interoperability plus open source learning management systems, we had high privacy and reasonably good interoperability. And then things started to change. There was really two trends that happened in the late two thousands, um, and early 2010. And that was universities got tired of running their own hardware. They got tired of upgrading their own software. They said, Oh, the best practice is to move to the cloud. And because of learning tools, interoperability, and other interoperability standards, we could move to the cloud. We could take some of our cool tools from Blackboard or[inaudible] Moodle and take them right with us on the way to canvas in the cloud and companies like Blackboard desire to learn Moodle Sekai. We didn't react to that nearly as fast as canvas did, canvas was born in the cloud. And so they really got a tremendous advantage and, and have moved to about a 40% market share at this point because of really good interoperability and really easy to just completely outsource everything. And so that led to a rush to canvas over the past five years. And everybody just sort of covered their eyes and ignored the complete loss of control of the data. They just handed, canvas their data. And now the other thing that happened is all the major commercial vendors, Blackboard, and desire to learn. They also ran to the cloud because canvas forced them to run to the cloud. They had to run to the cloud, or they were going to lose all their customers. That's kind little projects. We're happy to let people host their own systems. So we find ourselves in a really interesting situation. Everybody's doing fine in the cloud. Some systems allow our local hosting, but, and interoperability is wonderful learning tools. LTI advantage is the most recent version of that specification and it's suburb. It's amazing. It's wonderful. And so we are sort of at the, in the golden age of interoperability right now in educational technology, but the problem is, is we are at the worst possible lowest commitment to privacy than we ever have been. And that's, what's gotten me very concerned. And so the way I think about this is I want the next 10 years, I want the next 10 years to build on the great interoperability story that we have. These standards are not broken. Many of these standards have the ideas of privacy baked into them, but then the vendors who implement the standards choose not to do it, right. Choose not to build software that respects privacy because they have business interests. And the business interest is, is higher. If you can get your hands on and retain the private paint of learners. And so it just became part of a business model as everyone ran to the cloud is, is capturing of data. So I think the way to start this is to, to teach people about the importance of privacy first, teach what we lost and then teach what we can do together. And I don't think that there's any vendor in the marketplace that can't switch in the next two to five years to having a much stronger focus on privacy. I don't think that there's anybody in capable of doing it. I think there's some that are going to be unwilling to do it, but not, not incapable. So we're going to have a series of podcasts and they're going to be educational in nature. Although once the conversation starts, if conversations happen and I say something foolish in one podcast and I'll have to fix it in the next podcast, but I'm when I talk about educational technology standards, what I see as wrong with FERPA, what's bad about our current cloud strategy, thoughts, not bad, but our current cloud strategy is bad. How privacy is built into these standards. And then things like GDPR, the European privacy standard, like what's good about it and how it's gone off the rails. I see open source as critical. I don't necessarily see that you have to convert to open source, but I do think that vendors of LMSs and learning tools will be put on notice and should be put on notice that open source is coming. And if they won't do anything about privacy, then maybe we ought to just switch to open source. And that's what actually happened in 2004, 2005 people didn't all switch to open source, but the threat to switch to open sources, what got attention to interoperability, how a campus can begin to think about privacy, think about building a strategy around privacy. What happens to companies and then your data and later in their lives, how to talk about this on campus. And I think, you know, at the end of the day, I think it's all achievable. You know, it's all achievable. Uh, there is not all bad. It's just, we haven't chosen to do the right thing. We need to pressure both the learning management systems and our learning tool vendors. I think we'll find a way to slowly but surely begin to extract all of our learning data out of these things, by putting privacy rules and rubrics and methods on top of them. Um, but I would say that it's, we're in a bad spot. I think we've already had our Cambridge Analytica moment. I'm not gonna tell you too much about it. Cause it still scares me that that much data was lost, but data was just simply genuinely left in the third party's hands. And then that third party through a of sales ended up putting that data in the wrong hands. So this is going to be interactive. Uh, I will have guests. I'm here to listen. I'm here to learn. I'm happy to interview people. I'm happy to interview experts who are smarter than me. I will do consulting with companies or universities who want to begin to work in this. And I just want to wrap up by saying that you might think I'm in a bad spot to be critical of all this, because there have been privacy efforts in the IMS, global learning consortium meetings. And people come to me while I was leading technical standards. And they would say, you should pause for a year and work on privacy. And I'm like, we don't have time for that. And maybe we didn't, I'm really proud of what we've accomplished. And we had to focus to get that far. I mean, it's been 15 years of work, but honestly now I wake up and I'm like, it's time to work on privacy. Partly because we have such a good base of standards to work with having privacy. Won't be that hard. So I'm sorry, but it took me this long to get excited about privacy and dedicate myself to learning and teaching you all about privacy. So see online. Cheers.
Speaker 1:[inaudible]
Speaker 3:thank you for listening to episode one of the learner privacy deck or podcast. Our music is by EAs Jimmy jams.