Browse all articles

Encryption Survey Reveals Urgent Need for Student Privacy

Protecting the data of students needs to be a top priority.

From preschool through the 12th grade, educators across the country are harnessing the power of technology to enrich their students' learning. But as we embrace the enormous benefits tech can bring to the classroom, we also have to be aware of the risks. A new encryption survey from Common Sense reveals that more action is needed to protect students' privacy.

Common Sense Education Privacy Initiative director Bill Fitzgerald explains, "In the last two weeks of October, we ran automated tests on 1,221 logins used by 1,128 vendors that have products in schools around the country. While our list of sites is not exhaustive, it is representative of websites from small developers, well-established companies, start-ups, privately held companies, and enterprise-level applications. Our findings indicate that a significant number of vendors do not provide even basic support for encryption."

Our survey reveals that some vendors and products haven't enabled encryption for products used in thousands of school districts, leaving students' information vulnerable:

  • A well-known vendor appears to have enabled encryption for districts in states that have laws requiring reasonable security, but not in other states.
  • A product targeted to students of all ages within K–12 schools does not support encryption at all in a subset of their product offerings.
  • In what seems to be an intentional decision to ignore best practice in favor of insecure practice, multiple vendors take a request for an encrypted connection and explicitly redirect it to an unencrypted connection.

These troubling findings highlight the urgent need for states to take action to protect the students who use these products.

In California, the landmark SOPIPA (the Student Online Privacy and Information Protection Act) and Early Learning Privacy Information Protection Act (ELPIPA) legislation require vendors to provide reasonable data security to protect children's information from preschool on. To date, SOPIPA-like legislation has been introduced in 13 states and is being pursued at the federal level by the Obama administration and Congress. But our survey's findings make it clear that this isn't enough.

When California passed SOPIPA in 2014, Common Sense CEO Jim Steyer noted that the school zone should be a safe and trusted environment where kids can learn and explore, where educators can harness technology to enrich their learning, and where kids' sensitive information is safe and secure.

In light of the findings from this survey, we call on leaders in every state to take urgent action to ensure that parents nationwide know that when their children step through the classroom door, their privacy is secure and their information won't be used for other purposes.

Interested in learning more about our efforts to protect the privacy of all kids? Join our movement -- become a Kids Action Advocate today!

Teresa Machado
Teresa Machado is Common Sense Kids Action’s Policy Associate for California. She joined Kids Action in 2016 from Early Edge California in Oakland, CA, where she worked to advance policy to improve early education access and quality. Previously, she worked as a district representative for California State Assemblymember Das Williams and began her career in policy as an intern with the California State Assembly Committee on Education.