Monday, March 23, 2015

Data Security Issues and the P-20W



The "take away" from this discussion is this: Your STUDENT'S data may be used in a way that the average person did not anticipate. This is not like the prior Standards Based Assessments, or SBAs, that the state has used in the past. In the computerized version, the student sends the data out of state, not DEED. That means ANY state laws regarding privacy are irrelevant. You have consented to the data being sent about by taking the test.

 This has NOTHING to do with whether you like the standards or not. This is not about Common Core and the standards. This is about your child's future data privacy. It does eventually go back to the standards, but there is more time to discuss that at a later date. For the purposes of the impending test, parents have a reason to be concerned and to carefully evaluate whether or not their student should participate in this test.  

  The data from the Alaska Measures of Progress (AMP) is part of the P-20W database. It is individual data.




First, on the refusal: the reference information that parents need to REFUSE the test, and the instructions to the district on how to report the information, are at http://tiny.cc/AMPBook. The information comes from the Alaska Department of Education's own publication, on page 112.

School Board President Esther Cox recently told the Senate Education Committee that parents have the right to refuse. Therefore, no one should feel bullied into taking this test.





The code for refusal is 999, in the event it is needed by your school IT. It is the code for both PARCC and SBAC. Since Alaska is a Common Education Data (CEDs) state, it should work. If Alaska uses some other code, they will just have to convert it to 9999 when they report the data to the Institute for Educational Sciences. You might as well save them the conversion time. But the Alaska Department of Education and Early Development (AK DEED) is really operating under the Peter Principle here and has subjected the children of this state to some serious risk with respect to their privacy. There is little the legislature can do at this point.





When a parent gave their information on their family and their child to the school, there is NO WAY they consented to all of this. NO WAY. They gave the information in good faith that the information stayed in the school district in Alaska and perhaps some of it went to the state. The P-20W database receives the scores without parent permission. No parent in Alaska gave their permission for the data to be used in this way, by their own admission. They also seem to be under the impression that they don't need parent permission to use the data and that parent consent is implied by enrollment in school.


 

So, there are several problems here that need to be considered. First is the potential problem of the KITE application. This is more technical than the scope of this blog, but is covered briefly. The second is the involvement of the AMP test scores in the P-20W.


Potential Kite Application Problems

Keep in mind that Kathleen Sebelius, former Governor of Kansas and Secretary of Health Education and Welfare, used agile technology in the development of the ObamaCare website. This is the underlying architecture of the KITE app. Do you seriously want to trust anything based on the track record of that technology?

Now, the first issue on student data privacy that needs to be addressed has to do with the KITE application itself. The student uses this KITE app to take the test. Without delving into details on programming, if any student takes this test, make sure the cache is cleared on the computer BEFORE they commence the test. I can't stress the importance of this enough. Generally, in public systems such as the library, there is a reset in between users that is set on a timer that will do this automatically. Some of the larger schools may have this set up; some schools may not. There is no harm in double clearing, but if you want your student's data sent as your student's data, then clear the cache before the login.

When the student completes the test, the data goes to Questar in Minnesota directly. The programming is an open script. This means the code is "out there" for ambitious programmers to repurpose for other endeavors. That risk can exist for years, as the recent data breach at Anthem/Blue Cross Blue Shield demonstrates.

The Data Routing Shifts Data Responsibility

Why is this a problem? According to the AAI contract, the data goes from KITE to Questar. In past times, students would take the test and hand the test over to an in-state official. Then AK DEED would collect the tests and send the tests to Questar in Minnesota... or assume responsibility for data security after test completion in the case of a state operated school.

This test changes that and makes it a district problem, and most of the superintendents may not understand the ramifications of the shift in that burden. It is most likely that most borough mayors don't understand the ramifications of this shift in liability and may not have adjusted their borough and district insurance policies appropriately.

Many principals and superintendents don't even understand that it is their own data being used in the Answer project. They never really considered where the data came from or how it was acquired. So how much less likely is it that they have considered the shift in liability for data risk? If businesses like Target and Blue Cross and Blue Shield have had difficulty with data security, how much more might a borough? Have any of the superintendents and borough mayors considered the ramifications of this shift in data security and risk from the state to the districts? Do they have the relevant insurance to cover this? Have the borough boards even examined how district liability is impacted by this state mandated test?



Second, for DEED to get the scores back, Questar sends the data to DEED (from Minnesota). They will likely have the data back before the end of May... probably much sooner than that. DEED states they won't release the test scores until October. Why? What do they plan to do with the data? The cut score percentages have already been decided by the U.S. DOE, so this deserves some investigation.

Even so, if the AK DEED imports data from a student from out of state, is the data covered by Alaska privacy laws?  Would a parent have any way to keep their child's data out of the P-20W?

The KEY here is that Your STUDENT sends the data out of state, not DEED. That means the privacy protections in the Alaska Constitution are no longer applicable. The parent has consented to the test and the student's data being sent about by taking the test. This has NOTHING to do with whether you like the standards or not. This has to do with DEED's opinion that you have consented to anything they decide to do because you enrolled your child in public school.


P-20W/Unity and DataMarts

But the long term, IMMEDIATE problem for student privacy is the P-20W. The condition for the grant is inclusion of the ESEA tests, college and career tests, and the information on non-testers. The reader will find the inclusion of ESEA student test scores in the Technical specifications of the RFP for the grant on page 2. This is a technical specification of the grant, and they must comply with it. In addition to the AMP test scores, the reader will note that College and Career ready test scores (ACT, SAT, Workkeys) are included.




You will also see this in the grant loop of the graphic from the grant: the test scores are clearly listed.



As noted in other blogs, the student data and test scores go from DEED to the Department of Labor and are matched to Permanent Fund Dividend Records for cross matching, and a P-20W ID is assigned based on that.


The data is then integrated with the Postsecondary data (IPEDs), and ACPE's data.


 The data flows are in the graphics above--there is a reference to OASIS. That is the Online Alaska Student Information System. That includes some of the data that your child's teacher backs up from their gradebook (Powerschool is the bigger vendor) on the school servers and the data parents give central office when they enroll the child.

If the reader examines the power point for the RFP, they will see that there are four essential documents for a P-20W--one is the actual grant application (in the prior paragraph), the Grant application, the SFSF, and the Race to the Top (or the I-3) grant application. While researchers have recovered copies of the 20W grant and SFSF (links below), the grant application under the main I-3 (we know there were 8 made to Alaska) has not been recovered. It appears to have been made to the University of Alaska system to allow the Alaska Department of Education and Early Development plausible deniability.


The P-20W grant application is fairly large. Quite a bit of the information can be found in this blog entry, but there are quite a few topics not covered in that blog. Among them are the issues with their selection of drives and their clearly absurd testimony on Extract Tools (ETLs). Their use of SATA and SASE drives is almost laughable to anyone in IT.


The enterprise system referenced in the grants is the state servers, which are not designed for the level of data and traffic they will be using, but that is beyond the scope of my concern for students. This places the state as a hacker target. I have included a screenshot of the DMZ that they reference in their grant pictures... so when you look at their schematics, the DMZ is where they interface and will likely have a public access portal in the future.





Data Sharing Outside Alaska


The subphase report provides additional insight on what they plan to do, and it includes the future plans. Around page 70 is when some red flags should show up: they even plan on using postal data. Notice that around page 90 there is a project called Data Mart where they plan to sell the data. This is echoed in the grant.






The people at ACPE already admitted, in House Education Committee testimony on February 20, 2015, that they meet with the Feds monthly. They probably meet more often than that if what is going on in other states is instructive. There is no doubt there is an intent to share, no matter what Diane Barrand at ACPE says, because it was a condition of the grant. The grant RFP ensures the dataset is compatible with EduFacts, the US Department of Education Database. IES-DOE can easily intercept the data anyway, and could potentially obtain it from Questar before the state gets it back.

It doesn't matter what is in THEIR narrative of the grant. They are bound to the grant for which they applied. That WILL require giving the information to them... It is on page 2-3 of the RFP. ACPE has already said they retain PII (personally identifiable data) and plan to link data in subsequent years. They do have it, the Social Security numbers are attached from the PFD database, and they plan to track students.



ACPE/DEED were also less than straightforward about data sharing. Participation in the "Grand" P-20W will be made by the "4 partner agencies," and may be made at some future point in time. You, as a parent, will have no say in the matter. WICHE helped Alaska set up the data set, and there is no way that AKDEED can say NO. WICHE has formulated and implemented a 5 state one already.... The states of Idaho, Washington, Hawaii, and Oregon are already involved, and their goal is to get all 15 states involved.

The point here is this... these folks are using the data from your child's school in a way that no one envisioned when they enrolled their child in school.





Parents simply need to verify the information for themselves and decide on what is right for their children.
