[LIBRARYDIR] [EXTERNAL] Privacy, Technology, and Instructure Handout

Julie Nurse julie.nurse at centralia.edu
Fri Mar 7 11:51:21 PST 2025 

Hi Erica,

I am deeply concerned. Could we add this to our spring LLC agenda?

Thanks,
Julie

Julie Nurse
Dean of Library, Testing, and Teaching & Learning
Centralia College
360.623.8567<tel:360.623.8567>
julie.nurse at centralia.edu<mailto:julie.nurse at centralia.edu>


-------- Original message --------
From: "Coe, Erica via LIBRARYDIR" <librarydir at lists.ctc.edu>
Date: 3/7/25 9:13 AM (GMT-08:00)
To: WACTC Library Directors <librarydir at lists.ctc.edu>
Cc: "Coe, Erica" <ecoe at olympic.edu>
Subject: [EXTERNAL][LIBRARYDIR] Privacy, Technology, and Instructure Handout

Caution: This email originated from outside of Centralia College. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Hello all,

One of my librarians, Amanda Cain has been researching concerns about student data that is collected by various tools – pasted below.  The memory of LexisNexis sharing information with ICE was partially what spurred this investigation.

I especially want to note concerns about Canvas since Instructure has been acquired by investment funds managed by KKR<https://www.prnewswire.com/news-releases/kkr-and-dragoneer-complete-acquisition-of-instructure-302304632.html>, a global investment firm. “KKR is a global private equity firm known for its serial anti-trust violations<https://www.justice.gov/archives/opa/pr/justice-department-sues-kkr-serial-violations-federal-premerger-review-law> and long history of asset-stripping company buyouts, most recently of group homes for people with developmental disabilities<https://www.warren.senate.gov/newsroom/press-releases/warren-wyden-sanders-murray-blast-private-equity-giant-kkr-for-grossly-substandard-care-and-unsafe-living-conditions-in-group-homes-for-people-with-intellectual-and-developmental-disabilities>. They primarily invest in oil and gas projects and have a pattern<https://peclimaterisks.org/kkr-greenwashing/> of repeated environmental violations, failure to obtain community consent, and a lack of accountable business practices in low-income communities. They also invest in private prisons.”

If there’s interest, maybe we can add this to a future LLC meeting for discussion.

Thanks,
Erica

-------------------------------------------------------------
Erica Coe (she, her, hers)
Dean of Libraries, Tutoring, and College Success
Olympic College

---------------------------------------------------------

Privacy and Technology Resources
Amanda Cain, OC library faculty

Facts
FERPA is over 50 years old. It does not reflect the current types of information contained in student records<https://www.the74million.org/article/50-years-after-ferpas-passage-ed-privacy-law-needs-an-update-for-the-ai-era/>; it does not address third parties; and it does not acknowledge the extent to which ed tech vendors are integrated into students’ daily lives. According to some of the following reports and articles, collection and sale of students’ data happens on a large scale. Notably, Instructure (Canvas) was recently acquired by KKR, a private equity firm long investigated for its asset-stripping company buyouts.
K12
Data is collected on tens of millions of students before they get to college, and results in risk-scoring algorithms being attached to them. Data is disproportionately collected on, and ads are targeted disproportionately to African American and Native American students in school settings.
This Private Equity Firm Is Amassing Companies That Collect Data on America’s Children, January 11, 2022<https://themarkup.org/machine-learning/2022/01/11/this-private-equity-firm-is-amassing-companies-that-collect-data-on-americas-children>
“We found that the companies, collectively, gather... data about students’ citizenship status, religious affiliation, school disciplinary records, medical diagnoses, what speed they read and type at, the full text of answers they give on tests, the pictures they draw for assignments, whether they live in a two-parent household, whether they’ve used drugs, been the victim of a crime, or expressed interest in LGBTQ+ groups, among hundreds of other data points.”
K12 Edtech Safety Benchmark: National Findings – Part 1,<https://internetsafetylabs.org/wp-content/uploads/2022/12/2022-k12-edtech-safety-benchmark-national-findings-part-1.pdf> 2022
Most--96%--of edtech apps used by K12 students “are unsafe for students.” “Apps and technology that expose personal information about children and their families to technology providers, third-party marketers, advertisers and often the internet at large are not adequately safe for children...Data is forever... mental health information gleaned from a child’s innocent use of a mental health tracker can become a problem in later years as a teen or an adult.”
Significant K-12 EdTech Safety Disparities Discovered Among Marginalized Demographics in New Internet Safety Labs Report<https://www.globenewswire.com/news-release/2024/02/06/2824551/0/en/Significant-K-12-EdTech-Safety-Disparities-Discovered-Among-Marginalized-Demographics-in-New-Internet-Safety-Labs-Report.html>, February 2024
“Schools in the lowest income segment ($20K-$39K) and schools with majority race American Indian/Native Alaskan (National Center for Education Statistics categories) have the lowest technology vetting of all demographics and have the highest average percentage of apps with ads or behavioral ads.”
Higher Ed
Paying Twice to Learn: How Higher Education Students May Be Forced to Sacrifice Privacy for Digital Learning Tools,<https://privacyrights.org/resources/paying-twice-learn-how-higher-education-students-may-be-forced-sacrifice-privacy-digital> November 2024
Report Key Takeaways:
·                     Limited Protections: Higher education students are often required to use and pay for access to digital instructional materials, yet they have extremely limited access to data privacy rights and protections. Federal law has not kept pace with technology, and relevant state laws focus on K-12 students or rely on consent–an element notably absent in this context.
·                     Lack of Transparency: The data privacy practices surrounding digital instructional materials in higher education are largely opaque. Neither students nor instructors have a clear understanding of how personal data is collected, used, stored, or shared. Companies rarely provide clear information in public policies, and institutions are not required to make vetting processes readily available for review. Inconsistent
·                     Policies and Practices: There appears to be no data protection standard or accepted best practices in place across educational institutions or companies providing digital instructional materials. Even the existence of contracts between institutions and providers varies. Data practices and privacy protections seem to be largely left to the ed-tech companies’ discretion.
·                     Significant Room for Improvement: Higher education institutions and ed-tech companies have substantial opportunities to better protect students’ data. This could involve adopting state or federal legal requirements, implementing institution- or system-wide contracting and review practices, and obtaining clear commitments from companies to protect student data.

The Vulnerability and Protection of Student Data<https://www.lawfaremedia.org/article/the-vulnerability-and-protection-of-student-data>, December 2023
“Data brokers...pose significant risks to American students. Despite assertions that they are not acting as consumer reporting agencies (which are companies that calculate credit scores), data brokers report student data for student loans (without the consent of the students in question), which can be purchased and used in the future (also without students’ consent) for credit reports and employment background checks. Data collected by these companies is often inaccurate, which could inflict financial harm in a number of ways, including lawsuits regarding credit discrimination and the potential for restricted employment opportunities.”
Deepfakes, Phrenology, Surveillance, and More! A Taxonomy of AI Privacy Risks<https://dl.acm.org/doi/full/10.1145/3613904.3642116>, May 2024
“In approximately 93% of the cases we analyzed, the unique capabilities and data requirements of the AI technologies involved in the incident either created a new type of privacy risk, or exacerbated a known risk.”
“Wow, I hope not?!”: Instructor Use of LMS Data and Knowledge of LMS Privacy Practices<https://conpro23.ieee-security.org/papers/schmidt-conpro23.pdf>, IEEE, 2023
“Anonymized data... allow for easy de-anonymization and the loss of personal data and privacy...Additionally, this risk should be weighed when considering that some of the data available in the dataset include potential information about students’ disability accommodations. Such data, anonymized or not, create the potential for technology-enabled discrimination, based on students’ disability status.”
Behind the Platforms: Safeguarding intellectual property rights and academic freedom in Higher Education, April 2024<https://conpro23.ieee-security.org/papers/schmidt-conpro23.pdf>
“Issues of academic IP and academic freedom in digital education are fragmented, with no sector-wide standards or rules, and minimal guidance for institutions on these matters when engaging in licensing or procurement of digital education services, or staff when engaging in sector discussions/negotiations.”
Sins of omission: Critical informatics perspectives on privacy in e-learning systems in higher education,<https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4733203> 2021.
“Language in contracts between the university and the vendors around FERPA compliance suggested that the university misses opportunities to inform students and instructors of the ways their data can and will be used by vendors, neglects gathering meaningful consent from students and instructors, and allows vendors the legal loopholes to collect and store student data with impunity.”
Instructure Is Ready To Lead The Next Evolution In Learning,<https://www.forbes.com/sites/rayravaglia/2024/11/19/instructure-is-ready-to-lead-the-next-evolution-in-learning/> Forbes, November 2024
This press release arguably confirms warnings in the above reports. KKR is a global private equity firm known for its serial anti-trust violations<https://www.justice.gov/archives/opa/pr/justice-department-sues-kkr-serial-violations-federal-premerger-review-law> and long history of asset-stripping company buyouts, most recently of group homes for people with developmental disabilities<https://www.warren.senate.gov/newsroom/press-releases/warren-wyden-sanders-murray-blast-private-equity-giant-kkr-for-grossly-substandard-care-and-unsafe-living-conditions-in-group-homes-for-people-with-intellectual-and-developmental-disabilities>. They primarily invest in oil and gas projects and have a pattern<https://peclimaterisks.org/kkr-greenwashing/> of repeated environmental violations, failure to obtain community consent, and a lack of accountable business practices in low-income communities. They also invest in private prisons.
“Instructure Holdings, Inc., a leader in learning management systems (LMS), has entered an exciting new chapter with its acquisition by investment funds managed by KKR<https://www.prnewswire.com/news-releases/kkr-and-dragoneer-complete-acquisition-of-instructure-302304632.html>, a global investment firm, and Dragoneer, a growth-oriented investor. The deal, valued at $4.8 billion, marks a turning point in Instructure’s journey to transform education on a global scale. “Having KKR’s support will help us double down on core markets, scale our global reach at a faster pace, and unlock new opportunities.” ... This means analyzing the entire transcript of activities within the LMS, providing a dynamic, data-driven view of student progress rather than just seeing signposts of where students have been and what they have taken away. Things become more potent by moving away from a particular student’s traversal of a specific course to looking at large aggregations of students traversing similar courses. This is why Instructure’s acquisition of Parchment, a company specializing in credential and transcript management, is so significant. By combining Parchment’s expertise with Canvas data, Instructure can connect learning outcomes to skills, degrees, and career readiness. As this data grows in scale, AI can identify patterns and insights that would be impossible to discern otherwise—capturing hard skills, soft skills, teamwork capabilities, and more... Beyond improved insights into the relationships of knowledge, skills, and outcomes, the integration of Canvas with Parchment should lead to a better version of the transcript itself, one that captures more than just the aggregated results of assignments but the full transcript of the rich performance data a student generates during a course. This would shine light not only on the knowledge acquired and skills measured on course assignments but also on the knowledge and skills demonstrated during the assignments themselves and the evolution of the knowledge and skills across the duration of the course and throughout the student’s entire career.”
How do I...?
Instructure's Third-Party Processing Guide<https://community.canvaslms.com/t5/Privacy-Articles/Instructure-s-Third-Party-Processing-Guide/ta-p/606339>
Lists over 30 pages of third-party vendors.
How do I change my privacy settings in Canvas Student ePortfolios?<https://community.canvaslms.com/t5/Canvas-Student-ePortfolios/How-do-I-change-my-privacy-settings-in-Canvas-Student/ta-p/1369>
How to Quickly Get to the Important Truth Inside Any Privacy Policy,<https://themarkup.org/the-breakdown/2023/08/03/how-to-quickly-get-to-the-important-truth-inside-any-privacy-policy> August 3, 2023
Recommended Listening
“With Great Power Came No Responsibility,” Cory Doctorow Lecture at U Toronto, February 2025<https://doctorow.medium.com/https-pluralistic-net-2025-02-26-ursula-franklin-enshittification-eh-403038a49634>
This colorful lecture illustrates how data-broker activity plays out in nurses’ lives.
“A January 2025 report from Groundwork Collective documents how increasingly nurses in the USA are hired through gig apps — “Uber for nurses” — so nurses never know from one day to the next whether they’re going to work, or how much they’ll get paid. There’s something high-tech going on here with those nurses’ wages. These nursing apps — a cartel of three companies, Shiftkey, Shiftmed and Carerev — can play all kinds of games with labor pricing. Before Shiftkey offers a nurse a shift, it purchases that worker’s credit history from a data-broker. Specifically, it pays to find out how much credit-card debt the nurse is carrying, and whether it is overdue. The more desperate the nurse’s financial straits are, the lower the wage on offer.”




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ctc.edu/pipermail/librarydir_lists.ctc.edu/attachments/20250307/fa359a38/attachment.htm>

More information about the LIBRARYDIR mailing list