Schools' use of cloud services puts student privacy at risk
- — 23 September, 2013 13:05
Schools that compel students to use commercial cloud services for email and documents are putting privacy at risk, says a campaign group calling for strict controls on the use of such services in education.
A core problem is that cloud providers force schools to accept policies that authorize user profiling and online behavioral advertising. Some cloud privacy policies stipulate that students are also bound by these policies, even when they have not had the opportunity to grant or withhold their consent, said privacy campaign group SafeGov.org in a report released on Monday.
There is also the risk of commercial data mining. "When school cloud services derive from ad-supported consumer services that rely on powerful user profiling and tracking algorithms, it may be technically difficult for the cloud provider to turn off these functions even when ads are not being served," the report said.
Furthermore, by failing to create interfaces that distinguish between ad-free and ad-supported versions, students may be lured from ad-free services for school use to consumer ad-driven services that engage in highly intrusive processing of personal information, according to the report. This could be the case with email, online video, networking and basic search.
Also, contracts used by cloud providers don't guarantee ad-free services because they are ambiguously worded and include the option to serve ads, the report said.
SafeGov has sought support from European Data Protection Authorities (DPAs), some of which endorsed the use of codes of conduct establishing rules to which schools and cloud providers could voluntarily agree. Such codes should include a binding pledge to ban targeted advertising in schools as well as the processing or secondary use of data for advertising purposes, SafeGov recommended.
"We think any provider of cloud computing services to schools (Google Apps and Microsoft 365 included) should sign up to follow the Codes of Conduct outlined in the report," said a SafeGov spokeswoman in an email.
Even when ad serving is disabled the privacy of students may still be jeopardized, the report said.
For example, while Google's policy for Google Apps for Education states that no ads will be shown to enrolled students, there could still be a privacy problem, according to SafeGov.
"Based on our research, school and government customers of Google Apps are encouraged to add 'non-core' (ad-based) Google services such as search or YouTube, to the Google Apps for Education interface, which takes students from a purportedly ad-free environment to an ad-driven one," the spokeswoman said.
This issue was flagged by the French and Swedish DPAs, the spokeswoman said.
However, there are some initiatives that are encouraging, the spokeswoman said.
Microsoft's Bing for Schools initiative, an ad-free, no cost version of its Bing search engine that can be used in public and private schools across the U.S., is one of them, she said. "This is one of the things SafeGov is trying to accomplish with the Codes of Conduct -- taking out ad-serving features completely when providing cloud services in schools. This would remove the ad-profiling risk for students," she said.
Microsoft and Google did not respond to a request for comment.
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to firstname.lastname@example.org