Last month, the Gates Foundation awarded a $6 million grant to the DOE’s Fund for Public Schools, Amplify, and the NYU MetroCenter “to develop R&D tools and related instructional strategies.”
I wonder why Amplify
is involved; are they supposed help develop these R&D tools? And how much money are
each of these organizations receiving? The grant notice does not say.
It is amazing how many different Amplify products are being used in NYC schools that collect and use personal student data – with little information made available at about which student personally identifiable information (PII) is being collected, how that data is being shared and how it will be protected.
New York Ed
Law 2-D and its
authorizing
regulations require rigorous transparency and disclosure to parents
about the protection and use of their children’s personal data, through a
Parent Bills of Rights for each vendor agreement; and each of these PBORs are mandated to be posted
on the district’s website.
There is no mention of either Amplify or NYU MetroCenter on the page disclosing agreements with researchers that have access to personal data. On the vendor page, the requisite Amplify Parent Bill of Rights agreement says this about which types of personally identifiable information (PII) the company is provided access to "Type of PII that the Entity will receive/access: Student PII."
Which says nothing.
As to which of
Amplify’s products and programs access student PII, it says the following: “Amplify
Education Inc. (“Amplify”) provides core curriculum and supplemental programs
and services in ELA, math, and science, and formative assessment products in
early reading and math….”
The page goes on to list at least 15 different Amplify products in every subject but social studies.
One of them is described this way: Amplify Math for grades 6–8 and Algebra 1 is a 100% blended core program based on Illustrative Mathematics IM K–12 Math. Chalkbeat recently reported that DOE intends to roll out a "standardized algebra curriculum from Illustrative Mathematics in at least 150 high schools" next year.
Instead of describing how the data will be secured, instead the webpage says the following:
Describe the administrative technical and/or physical safeguards to ensure PII will be protected and how the Entity will mitigate data privacy and security risks. [DOE comment: In its agreement, Amplify outlines in detail how it meets the COSO principles. Please contact studentprivacy@schools.nyc.gov if you would like a copy of this information.]
FYI, COSO stands for “Committee of Sponsoring Organizations” which is not fully congruent, as far as I understand it, with the process and procedures required by the law.
I urge parents to
ask DOE exactly how Amplify is protecting your child's data, as well as what data elements they currently hold for your child, which is also your
right under the law, as the webpage says:
“In accordance with N.Y. Education Law 2-d,
parents, students, eligible students, teachers, or principals may seek copies
of their PII, or seek to challenge the accuracy of PII in the custody or
control of the Entity. Typically, they can do so by contacting the NYC DOE
using the email address or mailing address below.” [studentprivacy@schools.nyc.gov]
We drafted a sample email you can send to DOE, which is below. According to Ed Law 2-D, parents have the right to receive this information within a “reasonable period, but not more than 45 calendar days.” So please keep track.
Once you receive
the data from DOE and/or Amplify, you also have the
right to challenge it if you think its inaccurate. In any event, you should
also ask that all the data that Amplify holds for your child be deleted at the
end of the school year. The posted Amplify Parent Bill
of Rights says that the data will be deleted under the following conditions:
- whenever requested by the DOE
- whenever the entity no longer needs the PII to provide services to the DOE
- whenever a DOE school or office ceases use of a product or service of the entity, for the PII that pertains to that school or office
- no later than upon termination of this Agreement
The agreement, however, doesn’t say when it terminates, contrary to the law and the regs which require that “the contract’s expiration date” be disclosed.
The Amplify PBOR adds the following: “to the extent practicable, it will not retain PII for more than one school year after the school year in which the data was received” without explaining what would make deletion practicable or not.
A little history
regarding Gates Foundation’s decade-long involvement with Amplify, for those who
may be interested:
Founded as Wireless Generation, Amplify was acquired by Rupert Murdoch for News Corporation for $360 million in
cash in 2010. At the same time, he appointed former DOE Chancellor
Joel Klein as its CEO. Murdoch invested $1 billion in the
company, and in 2011, it was revealed that Wireless/Amplify was supposed to
build the NY State student data system through a $27 million no-bid contract awarded
by then- NYSED Commissioner John King. As part of its supposed
qualifications to create this system, NYSED wrote the NY State Comptroller that Wireless had created the $80
million NYC student data system called ARIS, which is rather funny because by that point, ARIS was widely
acknowledged to have been an useless if expensive boondoggle.
When advocates like CSM, along with NYSUT and many others, protested this agreement because of privacy concerns, amplified by reports of News Corp involvement in the UK phone hacking scandal, NYS Comptroller DiNapoli announced he was cancelling the contract on August 27, 2011.
A few weeks earlier, Vicki Phillips, then director of education for the Gates Foundation, had announced on the Gates website the creation of an "amazing" new software program that resembled a "huge app store … with the Netflix and Facebook capabilities we love the most." She revealed that Wireless Generation was the vendor chosen for this Gates project, which at the time was called the Shared Learning Collaborative. She wrote that Wireless would “build the open software that will allow states to access a shared, performance-driven marketplace of free and premium tools and content.”
Shortly after this, I wrote the first blog post criticizing this venture, pointing out the controversy then raging concerning the proposed Wireless contract to build NY student data system.
In the months that followed, the Gates Foundation invested $100 million in the massive data project, called the Shared Learning Collaborative (SLC), and boasted that nine states and districts had agreed to share their personal student data with them, including NY State and NYC, with more to come.
In February 2013,
the SLC was spun off into a separate corporation called InBloom Inc., with Amplify
as its prime contractor, which would collect, sort and systematize a massive amount of personally identifiable student data,
so that inBloom could deliver it in an easily digestible form to companies,
to help them build their tools around the data and accelerate the expansion and development of the ed tech market.
Yet within a
year, nearly every state and district that had planned to share data with Gates
and inBloom had pulled out, after parents rebelled against the whole
notion of a private company holding so much of their children's personal data. Their anger was especially provoked by the provision in the Gates-drafted agreements that neither the Gates Foundation nor inBloom would have any legal responsibility if the data was breached either in storage or transmission.
NY State was the last state to pull out of inBloom, and it took an act of the State Legislature to do so, which finally happened as part of the state budget agreement in March 2014. At the same time, the Legislature passed the comprehensive student privacy bill, Education Law 2-d. As NY State was its last customer, inBloom shut its doors in April 2014. A more detailed timeline of these events is here.
As to Amplify, the company kept losing money. In 2013, I had an amusing interchange with Murdoch on Twitter when it was reported that the company had already lost $80 million. I pointed this fact out to him and said it was certain to lose more, to which he responded, saying “@amplify not losing money. Not even in business yet.”
Yet in 2015, it was revealed that Amplify lost
an additional $371M. That
year, Murdoch
sold it at a huge loss to a “team of 11 Amplify executives” that included Joel
Klein. This group later sold the business to Laurene
Powell Jobs at an undisclosed price, though “the company’s top
management...picked up a
minority position in the Brooklyn-based company as part of the deal.” So, it’s
possible that Klein still owns a piece of the business.
How much Amplify was counting on inBloom to keep it solvent one
can only guess, but it suffered other disasters over this period as well. With
great fanfare, the company produced an educational tablet to be
used in schools, preloaded with various curriculum and programs that
were supposed to revolutionize education.
Instead, the tablets’ screens
easily cracked and their chargers overheated and melted.
Here is a sample letter
to you can send to DOE, asking what data Amplify holds for your child, and how
it is being protected. Please let me
know if you do, and if you get a response by emailing me at info@studentprivacymatters.org
thanks! Leonie .
To: studentprivacy@schools.nyc.gov
To whom it may
concern,
My name is [name],
and I am the parent of [name] who attends [x grade] in [what school], at this
address [address].
As stated
on the DOE webpage concerning the agreement with Amplify, and
in accordance with Ed Law 2-D, I am requesting information on which “administrative,
technical and/or physical safeguards to ensure PII will be protected” are being employed by the company for each of its products, and how Amplify will “mitigate
data privacy and security risks.”
I also demand that
you provide me with copies of all of the personal information that Amplify holds
for my child through the use of any of its products, as is also my right under
Ed
Law 2-D and its
regulations. According to §121.12 (e), “Educational agencies shall comply with a
request for access to records within a reasonable period, but not more than 45
calendar days after receipt of a request.”
Thank you,
Your name, address, phone no., and email.
No comments:
Post a Comment