He Wanted Privacy. His College Gave Him None
December 6, 2023 2:18 AM Subscribe
Teaching data privacy is like teaching financial literacy or media literacy: what little training there is in schools is rinsed away the minute kids leave the classroom. The only thing they remember is their own mistake, or their friend's.
We taught our kids to muddy the waters a bit in their data trail, just like we taught them about earning money and avoiding credit card debt. When they got to college, they were more careful with over-sharing than their peers.
But it's a losing game when the entire capitalist machine is coordinating against the advice like "everything you post online is there forever" and "don't type anything into your phone you don't want to hear read out in church [or 'on the front page'] on Sunday" and "be careful what all those apps are doing: if you're not paying then you're the product."
posted by wenestvedt at 6:42 AM on December 6, 2023 [8 favorites]
We taught our kids to muddy the waters a bit in their data trail, just like we taught them about earning money and avoiding credit card debt. When they got to college, they were more careful with over-sharing than their peers.
But it's a losing game when the entire capitalist machine is coordinating against the advice like "everything you post online is there forever" and "don't type anything into your phone you don't want to hear read out in church [or 'on the front page'] on Sunday" and "be careful what all those apps are doing: if you're not paying then you're the product."
posted by wenestvedt at 6:42 AM on December 6, 2023 [8 favorites]
Faculty and staff, and to a lesser extent alumni, are in a better position to lead campus efforts for privacy reform than students. It’s the sort of issue that requires longer-term advocacy and involvement in many cases (unless a specific and clear change occurs, like new use of exam tracking software), and that, to be honest, often impacts us more. The automated license plate readers, swipe cards tracking movement around campus, and internet usage data all directly impact faculty and staff to the same degree as students, for example, with many of the same potential harms. (Sure, there’s the argument that employers should be able to ensure that employees are using their internet resources only for work-related tasks, but in addition to the usual arguments around employee privacy, you also have intellectual freedom issues in academia). And while some of the academic data collected can be useful - and I’ve used it in my teaching! - often there is insufficient support for faculty to learn how to apply such data and how to safeguard student privacy while doing so. I’m certainly in favor of evidence-based teaching practices, but at the same time care must be taken to ensure that we aren’t basing evaluations (of students or faculty) on what data is easy to collect rather than what information is meaningful and can be analyzed intelligently and accurately to provide relevant knowledge. Faculty hiring, tenure, and promotion has become increasingly dependent on data-based metrics that are rather questionable; and that also pressure faculty who have not yet achieved job security to over-work in order to achieve standards that have been set above the level that any reasonable qualified academic can achieve while also maintaining a healthy work-life balance.
Canadian universities are required to ensure that student data is stored in Canada, and my university runs course management and survey software on our own local servers. There has also been a push toward more awareness of data storage and privacy issues among the Canadian federal research agencies in the past two years, which has been a really positive development. I’m not as familiar with any university-specific data privacy regulations in other parts of the world, but I imagine the EU or some member countries would have something along these lines, or that their stronger general protections would apply in some useful university-specific ways?
posted by eviemath at 6:57 AM on December 6, 2023 [5 favorites]
Canadian universities are required to ensure that student data is stored in Canada, and my university runs course management and survey software on our own local servers. There has also been a push toward more awareness of data storage and privacy issues among the Canadian federal research agencies in the past two years, which has been a really positive development. I’m not as familiar with any university-specific data privacy regulations in other parts of the world, but I imagine the EU or some member countries would have something along these lines, or that their stronger general protections would apply in some useful university-specific ways?
posted by eviemath at 6:57 AM on December 6, 2023 [5 favorites]
I used to be part of a BBS that catered to women, and its audience skewed young; there were late-teens in the group, users who were in later high school. And despite the copious warnings from the organizers to users not to put too much personal info in their profiles, they would - using real names, real locations, and such. In fact, they'd even push back against our warnings - if anyone tried snooping about them, it was those other people's fault for being rude and it being none of their business.
I started doing a bit of a tough-love approach on them - using the info they would be freely sharing, I would do a Google search for their picture or some other info they had NOT shared with the BBS; something like, their high school address, or their lacrosse team's latest score. I would DM them that info, with an explanation about how I'd found it. That often did the trick.
But that attitude, that "if these strangers are reading my posts then it's THEIR fault for being rude and nosy" was the biggest hurdle. It's not that these girls weren't savvy - they were too trusting of what strangers would do. They expected strangers to mind their own business and not be "rude".
posted by EmpressCallipygos at 7:03 AM on December 6, 2023 [14 favorites]
I started doing a bit of a tough-love approach on them - using the info they would be freely sharing, I would do a Google search for their picture or some other info they had NOT shared with the BBS; something like, their high school address, or their lacrosse team's latest score. I would DM them that info, with an explanation about how I'd found it. That often did the trick.
But that attitude, that "if these strangers are reading my posts then it's THEIR fault for being rude and nosy" was the biggest hurdle. It's not that these girls weren't savvy - they were too trusting of what strangers would do. They expected strangers to mind their own business and not be "rude".
posted by EmpressCallipygos at 7:03 AM on December 6, 2023 [14 favorites]
But that attitude, that "if these strangers are reading my posts then it's THEIR fault for being rude and nosy" was the biggest hurdle. It's not that these girls weren't savvy - they were too trusting of what strangers would do. They expected strangers to mind their own business and not be "rude".
It is such a hard line to tow, encouraging best practices re: data safety (or even property safety) while avoiding coming off as victim-blamey.
posted by grumpybear69 at 7:10 AM on December 6, 2023 [3 favorites]
It is such a hard line to tow, encouraging best practices re: data safety (or even property safety) while avoiding coming off as victim-blamey.
posted by grumpybear69 at 7:10 AM on December 6, 2023 [3 favorites]
It is such a hard line to tow, encouraging best practices re: data safety (or even property safety) while avoiding coming off as victim-blamey.
Especially given that “best practices” is a field full of ever-moving goalposts that are quite often built of things only the most dedicated geek finds reasonable.
posted by Thorzdad at 7:18 AM on December 6, 2023 [10 favorites]
Especially given that “best practices” is a field full of ever-moving goalposts that are quite often built of things only the most dedicated geek finds reasonable.
posted by Thorzdad at 7:18 AM on December 6, 2023 [10 favorites]
I'm amazed that more Gen Z/Millennials don't seem to be interested in protecting personal privacy. Reading this article made me appreciate the firehose of personal choices that have to be navigated at a student campus. Here's a good guide on keeping online activities as private as possible:
https://github.com/Lissy93/personal-security-checklist
posted by mctsonic at 7:34 AM on December 6, 2023 [11 favorites]
https://github.com/Lissy93/personal-security-checklist
posted by mctsonic at 7:34 AM on December 6, 2023 [11 favorites]
(Reminder that urls aren’t automatically turned into links, but can easily be made linkable (thus contributing to site accessibility) by using the “link” button in the quick-access edit buttons immediately below the comment input window. (The link button is the one on the far right of the row of buttons just under the comment box.))
posted by eviemath at 7:42 AM on December 6, 2023 [1 favorite]
posted by eviemath at 7:42 AM on December 6, 2023 [1 favorite]
It is such a hard line to tow, encouraging best practices re: data safety (or even property safety) while avoiding coming off as victim-blamey.
It's because the problem is a communal/societal one, and pushing responsibility to the individual level is always going to come across as victim-blamey. The reality is that we need to make data collection more legally fraught for these groups with things like HIPAA For Everything so that they are forced to rethink their data hoovering.
I'm amazed that more Gen Z/Millennials don't seem to be interested in protecting personal privacy.
It's less that they're not interested, and more that they feel that the war's lost, so what's the point?
posted by NoxAeternum at 7:42 AM on December 6, 2023 [8 favorites]
It's because the problem is a communal/societal one, and pushing responsibility to the individual level is always going to come across as victim-blamey. The reality is that we need to make data collection more legally fraught for these groups with things like HIPAA For Everything so that they are forced to rethink their data hoovering.
I'm amazed that more Gen Z/Millennials don't seem to be interested in protecting personal privacy.
It's less that they're not interested, and more that they feel that the war's lost, so what's the point?
posted by NoxAeternum at 7:42 AM on December 6, 2023 [8 favorites]
I started doing a bit of a tough-love approach on them - using the info they would be freely sharing, I would do a Google search for their picture or some other info they had NOT shared with the BBS; something like, their high school address, or their lacrosse team's latest score. I would DM them that info, with an explanation about how I'd found it. That often did the trick.
I know you had the best intentions, but isn't this still a kind of doxxing despite them having put that information out there to begin with? Even if they overshared in one context, isn't it kinda rude and creepy to pull up stuff they shared in another context and confront them with it for no reason other than to demonstrate that you have access to it?
posted by RonButNotStupid at 7:53 AM on December 6, 2023 [2 favorites]
I know you had the best intentions, but isn't this still a kind of doxxing despite them having put that information out there to begin with? Even if they overshared in one context, isn't it kinda rude and creepy to pull up stuff they shared in another context and confront them with it for no reason other than to demonstrate that you have access to it?
posted by RonButNotStupid at 7:53 AM on December 6, 2023 [2 favorites]
It's a fine line, but it seems to me keeping it to DMs and providing context was the correct side of that line.
posted by I-Write-Essays at 7:55 AM on December 6, 2023 [11 favorites]
posted by I-Write-Essays at 7:55 AM on December 6, 2023 [11 favorites]
I had my identity stolen years back. I am allergic to rights-of-privacy problems. I absolutely hate that Walgreen's makes me sign in with my phone number if I want to receive any of their advertised sales. I just assume they are going to have a major data breach and my info will all be stolen.
I hate when I buy something embarrassing and personal at Walgreen's that the cashier greets me by name.
posted by dances_with_sneetches at 8:13 AM on December 6, 2023 [3 favorites]
I hate when I buy something embarrassing and personal at Walgreen's that the cashier greets me by name.
posted by dances_with_sneetches at 8:13 AM on December 6, 2023 [3 favorites]
Years ago my dad stumbled onto the blog of a neighbor a few houses down. This neighbor used their own real name and didn't make any attempt to hide anything. My dad didn't really know this neighbor except that maybe they waved to each other occasionally? One day my dad bumped into her at the post office and congratulated her on her new job, which he had read about in a recent post. My dad was surprised by how flustered she was and how quickly she left the post office without saying anything.
"Why was it wrong to congratulate her for her job? She wrote about how excited she was and put it on the Internet."
"Dad, she put it on the Internet. She didn't expect anyone to actually read it in real life"
posted by RonButNotStupid at 8:16 AM on December 6, 2023 [11 favorites]
"Why was it wrong to congratulate her for her job? She wrote about how excited she was and put it on the Internet."
"Dad, she put it on the Internet. She didn't expect anyone to actually read it in real life"
posted by RonButNotStupid at 8:16 AM on December 6, 2023 [11 favorites]
Faculty and staff, and to a lesser extent alumni, are in a better position to lead campus efforts for privacy reform than students. It’s the sort of issue that requires longer-term advocacy and involvement in many cases (unless a specific and clear change occurs, like new use of exam tracking software), and that, to be honest, often impacts us more.
On my campus, it is the opposite. Any issue raised by faculty or staff is dismissed as "you don't go through the proper chain of command" and/or as whining. Our student government is the only organization on campus that has a chance of getting the attention of our administration.
posted by hydropsyche at 8:17 AM on December 6, 2023 [4 favorites]
On my campus, it is the opposite. Any issue raised by faculty or staff is dismissed as "you don't go through the proper chain of command" and/or as whining. Our student government is the only organization on campus that has a chance of getting the attention of our administration.
posted by hydropsyche at 8:17 AM on December 6, 2023 [4 favorites]
Students are subjected to this in grades K-12. Campus security, screen monitoring, web traffic monitoring, teachers able to see when and where and how long they use each tool. LMSs have those features baked in. A school can opt not to use them, but the data is there. And besides, it's been a thing for so much of their school-life, that I' not sure it would even occur to most that it is an issue worth fighting.
posted by Garm at 8:17 AM on December 6, 2023 [4 favorites]
posted by Garm at 8:17 AM on December 6, 2023 [4 favorites]
Apthorpe said that because learning management systems track, down to the minute, when students submit assignments, professors may come to think of students as deadline pushers, for example, or those who get their work done early…
Natividad said one of his professors told him he can see in Canvas whether students seem to log on together and complete work from the same location.
This is just too much information for the professors to have. Students could all be in the same spot because it’s a place with WiFi and cheap food (whether that’s on campus or just somebody’s home). Someone could submit their assignment at the last minute because they purposely wait in case the professor sends out a clarification, or just because they set a calendar notification for every deadline and use that to know when to submit.
There’s just no benefit from a professor being able to see a few digital breadcrumbs and speculate about whether their students’ work habits pass muster.
posted by smelendez at 8:22 AM on December 6, 2023 [12 favorites]
Natividad said one of his professors told him he can see in Canvas whether students seem to log on together and complete work from the same location.
This is just too much information for the professors to have. Students could all be in the same spot because it’s a place with WiFi and cheap food (whether that’s on campus or just somebody’s home). Someone could submit their assignment at the last minute because they purposely wait in case the professor sends out a clarification, or just because they set a calendar notification for every deadline and use that to know when to submit.
There’s just no benefit from a professor being able to see a few digital breadcrumbs and speculate about whether their students’ work habits pass muster.
posted by smelendez at 8:22 AM on December 6, 2023 [12 favorites]
It's less that they're not interested, and more that they feel that the war's lost, so what's the point?
Yeah, this is it. That ship sailed long, long ago and if you believe otherwise you're just wrong. There's no hope anymore, so why worry about it?
And it doesn't even matter how careful you personally are because a third party like Experian will inevitably suffer a massive breach exposing your private information to the world. Guess you should've known better than to live in a place where you have to give your data (or accept your data being given) to these entities to get a credit score to allow you to even have a chance at buying or renting a home.
posted by star gentle uterus at 9:43 AM on December 6, 2023 [6 favorites]
Yeah, this is it. That ship sailed long, long ago and if you believe otherwise you're just wrong. There's no hope anymore, so why worry about it?
And it doesn't even matter how careful you personally are because a third party like Experian will inevitably suffer a massive breach exposing your private information to the world. Guess you should've known better than to live in a place where you have to give your data (or accept your data being given) to these entities to get a credit score to allow you to even have a chance at buying or renting a home.
posted by star gentle uterus at 9:43 AM on December 6, 2023 [6 favorites]
There’s just no benefit from a professor being able to see a few digital breadcrumbs and speculate about whether their students’ work habits pass muster.
There is enough That Is Known about behavior patterns, that software exists to collate these facts without relying on humans who are, as you say, deplorably curious -- and also insufficiently analytical. Attendance, grades, infractions, etc. all get tracked and sifted to see if students who are having trouble can be identified for early outreach and help.
The data is scanned for these patterns because it's easier to intervene early, and also because it really sucks for the student and the school to have someone flame out/drop out.
I like the notion that a machine of good intentions is watching over my own kids' data trails at school; I wouldn't like this if it was some staffer, or -- worse -- a bunch of them comparing notes at a weekly meeting.
posted by wenestvedt at 11:25 AM on December 6, 2023 [1 favorite]
There is enough That Is Known about behavior patterns, that software exists to collate these facts without relying on humans who are, as you say, deplorably curious -- and also insufficiently analytical. Attendance, grades, infractions, etc. all get tracked and sifted to see if students who are having trouble can be identified for early outreach and help.
The data is scanned for these patterns because it's easier to intervene early, and also because it really sucks for the student and the school to have someone flame out/drop out.
I like the notion that a machine of good intentions is watching over my own kids' data trails at school; I wouldn't like this if it was some staffer, or -- worse -- a bunch of them comparing notes at a weekly meeting.
posted by wenestvedt at 11:25 AM on December 6, 2023 [1 favorite]
Yeah, but someone totally outside the school, maybe outside the state, maybe who doesn't even like kids or you or whatever you represent, who will never see your kids' faces or read their words - that is who controls the machine.
posted by amtho at 1:10 PM on December 6, 2023 [3 favorites]
posted by amtho at 1:10 PM on December 6, 2023 [3 favorites]
Machines don't have intentions. They work for whoever happens to own them at the moment. And that can change whenever someone burns out and retires or sells a company, or someone hacks in, or someone takes over, or someone else becomes more expert. The people with the time, attention, and energy for these kinds of takeovers are generally not the people spending enough time and attention to nurture anything complex, like your kids.
posted by amtho at 1:36 PM on December 6, 2023 [1 favorite]
posted by amtho at 1:36 PM on December 6, 2023 [1 favorite]
Everybody seems to be a victim of a massive data breach every 3-4 months. I have lost track of them all.
The avalanche has started and it's too late for the pebbles to vote. There's no point in fighting because the battle is lost.
posted by jenfullmoon at 1:43 PM on December 6, 2023 [1 favorite]
The avalanche has started and it's too late for the pebbles to vote. There's no point in fighting because the battle is lost.
posted by jenfullmoon at 1:43 PM on December 6, 2023 [1 favorite]
I know you had the best intentions, but isn't this still a kind of doxxing despite them having put that information out there to begin with? Even if they overshared in one context.
That is why I kept it to private messaging, so a) they would be sure to see it and b) ONLY they would see it.
posted by EmpressCallipygos at 2:20 PM on December 6, 2023 [1 favorite]
That is why I kept it to private messaging, so a) they would be sure to see it and b) ONLY they would see it.
posted by EmpressCallipygos at 2:20 PM on December 6, 2023 [1 favorite]
The battle, at least on this particular field, is far from lost. Quite a few institutions, for example, dropped (racist, ableist) exam proctoring services because of student protest.
I had a meetup with a dean a few weeks back to discuss this student-newspaper article. It takes a while (way more than one meetup!) to push a dean anywhere, but the meetup went quite well, the dean asked to speak with me again, and I continue to hope.
posted by humbug at 3:52 PM on December 6, 2023 [4 favorites]
I had a meetup with a dean a few weeks back to discuss this student-newspaper article. It takes a while (way more than one meetup!) to push a dean anywhere, but the meetup went quite well, the dean asked to speak with me again, and I continue to hope.
posted by humbug at 3:52 PM on December 6, 2023 [4 favorites]
The battle, at least on this particular field, is far from lost.
The problem is that it feels like it, because any time we talk about data collection, it's almost always from the direction of personal prophylaxis - what people can do to limit exposure (no matter how personally diminishing that is) as opposed to how we can push back on these practices. Even worse, we routinely see this data hoovering defended as the "cost" of "the future" - look at all the discussion around LLM training sets, for an example.
We need to stop looking at this from the individual level, and start looking at it from the societal level, and hold companies to account for their practices. Unfortunately, when data brokerage is big business, that's an uphill climb.
posted by NoxAeternum at 4:24 PM on December 6, 2023 [6 favorites]
The problem is that it feels like it, because any time we talk about data collection, it's almost always from the direction of personal prophylaxis - what people can do to limit exposure (no matter how personally diminishing that is) as opposed to how we can push back on these practices. Even worse, we routinely see this data hoovering defended as the "cost" of "the future" - look at all the discussion around LLM training sets, for an example.
We need to stop looking at this from the individual level, and start looking at it from the societal level, and hold companies to account for their practices. Unfortunately, when data brokerage is big business, that's an uphill climb.
posted by NoxAeternum at 4:24 PM on December 6, 2023 [6 favorites]
I agree, NoxAeternum. Some hope may come from the European Union, which is divebombing Facebook and Google like a hungry hawk over their data practices. US states, if as yet not the federal government, have followed considerable swathes of EU data-protection regulation, with the one-to-three-year delays you'd expect from legislative processes.
The FTC is also doing good work right now. Hope it continues.
posted by humbug at 4:45 PM on December 6, 2023 [2 favorites]
The FTC is also doing good work right now. Hope it continues.
posted by humbug at 4:45 PM on December 6, 2023 [2 favorites]
« Older Free Money | After the Hit-and-Run Newer »
This thread has been archived and is closed to new comments
It's quite possible bombastic lowercase pronouncements is right and I just suck at my job, of course. But I adduce in my own defense that I don't see very many long-lasting student-led privacy movements, like, anywhere, on any campus. One-person crusades, yes, absolutely, I respect the hell out of Bryan Short from the University of British Columbia. But one-person crusades (I say, ruefully) do not meaningful reform make.
I worked on a four-year research project (it should have been three years, but PANDEMIC) investigating these questions (with a focus on learning analytics in libraries), and the root causes here appear to be multiple and complicated. Ignorance (including inexperience with surveillance harms) is definitely one -- in the interview and focus-group phases of our work, we saw so many of our respondents thinking this through for the first time ever. Learned helplessness is another, the "privacy is dead, surveillance is inevitable, and there's nothing I can do" mindset that surveillance capitalism loves to foster. Belief that at least some surveillance has safety or academic benefits is also in there, though it's a somewhat distant third to ignorance and learned helplessness.
What I see among students -- and one accidental natural experiment in our research bore this out -- is that they've got to get hurt, or see clearly how they risk getting hurt, by surveillance before they care enough to protest. I've yet to figure out what to do about this, as "hurting them" is absolutely off the table for me.
It's not hopeless. Quite a few of our respondents articulated -- without our prodding, we weren't there to prod -- that they understood that some of their friends and classmates had stricter privacy standards than they, and they believed that campus should respect those standards. There's a solid, if small, minority that is privacy-savvy and furious. When we asked about guardrails, our respondents insisted firmly and sensibly on transparency and (genuine and revocable, not clickthrough) consent.
But whew, it's a bit Sisyphean some days.
posted by humbug at 4:21 AM on December 6, 2023 [14 favorites]